Common Weakness Enumeration

CWE-1284

Allowed

Improper Validation of Specified Quantity in Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

497 vulnerabilities reference this CWE, most recent first.

CVE-2023-0195 (GCVE-0-2023-0195)

Vulnerability from cvelistv5 – Published: 2023-04-01 04:55 – Updated: 2025-02-13 16:38
VLAI
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
NVIDIA vGPU software (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Windows) Affected: All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.750Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202310-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0195",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T16:38:26.823764Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:47:11.139Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "vGPU software (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Windows)",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284,\nwhich may lead to hypothetical Information leak of unimportant data such as local variable data of the driver"
            }
          ],
          "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284,\nwhich may lead to hypothetical Information leak of unimportant data such as local variable data of the driver"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Information Disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-03T14:06:45.526Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
        },
        {
          "url": "https://security.gentoo.org/glsa/202310-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2023-0195",
    "datePublished": "2023-04-01T04:55:08.956Z",
    "dateReserved": "2023-01-11T05:48:48.742Z",
    "dateUpdated": "2025-02-13T16:38:50.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0194 (GCVE-0-2023-0194)

Vulnerability from cvelistv5 – Published: 2023-04-01 04:53 – Updated: 2025-02-13 16:38
VLAI
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
NVIDIA vGPU software (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Windows) Affected: All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202310-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0194",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T16:38:54.267570Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T16:39:00.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "vGPU software (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Windows)",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service."
            }
          ],
          "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of Service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-03T14:06:30.312Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
        },
        {
          "url": "https://security.gentoo.org/glsa/202310-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2023-0194",
    "datePublished": "2023-04-01T04:53:48.218Z",
    "dateReserved": "2023-01-11T05:48:48.155Z",
    "dateUpdated": "2025-02-13T16:38:50.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-46143 (GCVE-0-2022-46143)

Vulnerability from cvelistv5 – Published: 2022-12-13 00:00 – Updated: 2025-01-14 10:27
VLAI
Summary
Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
Siemens RUGGEDCOM RM1224 LTE(4G) EU Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RM1224 LTE(4G) EU Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RM1224 LTE(4G) NAM Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RM1224 LTE(4G) NAM Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE M804PB Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE M804PB Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE M812-1 ADSL-Router Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE M812-1 ADSL-Router Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE M816-1 ADSL-Router Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE M816-1 ADSL-Router Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE M826-2 SHDSL-Router Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE M826-2 SHDSL-Router Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE M874-2 Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE M874-2 Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE M874-3 Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE M874-3 Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE M876-3 Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE M876-3 Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE M876-3 (ROK) Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE M876-3 (ROK) Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 (EU) Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 (EU) Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 (NAM) Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 (NAM) Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE MUM853-1 (EU) Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE MUM853-1 (EU) Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (EU) Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (EU) Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (RoW) Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (RoW) Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE S615 EEC LAN-Router Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE S615 EEC LAN-Router Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE S615 LAN-Router Affected: 0 , < V7.2 (custom)
Create a notification for this product.
Siemens SCALANCE S615 LAN-Router Affected: 0 , < V8.0 (custom)
Create a notification for this product.
Siemens SCALANCE SC622-2C Affected: 0 , < V2.3 (custom)
Create a notification for this product.
Siemens SCALANCE SC622-2C Affected: V2.3 , < V3.0 (custom)
Create a notification for this product.
Siemens SCALANCE SC626-2C Affected: 0 , < V2.3 (custom)
Create a notification for this product.
Siemens SCALANCE SC626-2C Affected: V2.3 , < V3.0 (custom)
Create a notification for this product.
Siemens SCALANCE SC632-2C Affected: 0 , < V2.3 (custom)
Create a notification for this product.
Siemens SCALANCE SC632-2C Affected: V2.3 , < V3.0 (custom)
Create a notification for this product.
Siemens SCALANCE SC636-2C Affected: 0 , < V2.3 (custom)
Create a notification for this product.
Siemens SCALANCE SC636-2C Affected: V2.3 , < V3.0 (custom)
Create a notification for this product.
Siemens SCALANCE SC642-2C Affected: 0 , < V2.3 (custom)
Create a notification for this product.
Siemens SCALANCE SC642-2C Affected: V2.3 , < V3.0 (custom)
Create a notification for this product.
Siemens SCALANCE SC646-2C Affected: 0 , < V2.3 (custom)
Create a notification for this product.
Siemens SCALANCE SC646-2C Affected: V2.3 , < V3.0 (custom)
Create a notification for this product.
Siemens SCALANCE W1748-1 M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W1788-1 M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W1788-2 EEC M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W1788-2 M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W1788-2IA M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W721-1 RJ45 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W722-1 RJ45 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W734-1 RJ45 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W734-1 RJ45 (USA) Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W738-1 M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W748-1 M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W748-1 RJ45 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W761-1 RJ45 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W774-1 M12 EEC Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W774-1 RJ45 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W774-1 RJ45 (USA) Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W778-1 M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W778-1 M12 EEC Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W778-1 M12 EEC (USA) Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W786-1 RJ45 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W786-2 RJ45 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W786-2 SFP Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W786-2IA RJ45 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W788-1 M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W788-1 RJ45 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W788-2 M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W788-2 M12 EEC Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W788-2 RJ45 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE WAB762-1 Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WAM763-1 Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WAM763-1 (ME) Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WAM763-1 (US) Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WAM766-1 Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WAM766-1 (ME) Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WAM766-1 (US) Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WAM766-1 EEC Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WAM766-1 EEC (ME) Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WAM766-1 EEC (US) Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WUB762-1 Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WUB762-1 iFeatures Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WUM763-1 Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WUM763-1 (US) Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WUM766-1 Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WUM766-1 (ME) Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE WUM766-1 (USA) Affected: 0 , < V3.0.0 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3 (SC, PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3 (ST, E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3 (ST, PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3LD (SC, E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3LD (SC, PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB208 (E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB208 (PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3 (SC, E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3 (SC, PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3 (ST, E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3 (ST, PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3LD (SC, E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3LD (SC, PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB216 (E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB216 (PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2 (SC) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2 (ST/BFOC) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2G PoE Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2G PoE (54 V DC) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2G PoE EEC (54 V DC) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP G Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP G (EIP DEF.) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP G EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G (EIP def.) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G PoE Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G PoE (54 V DC) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-3G PoE Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-3G PoE (54 V DC) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-4C Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-4C G Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-4C G (EIP Def.) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-4C G EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC224 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC224-4C G Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC224-4C G (EIP Def.) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC224-4C G EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XF204 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XF204 DNA Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XF204-2BA Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XF204-2BA DNA Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XM408-4C Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XM408-4C (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XM408-8C Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XM408-8C (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XM416-4C Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XM416-4C (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP208 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP208 (Ethernet/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP208EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP208PoE EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP216 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP216 (Ethernet/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP216EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP216POE EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR324WG (24 x FE, AC 230V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR324WG (24 X FE, DC 24V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR326-2C PoE WG Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR326-2C PoE WG (without UL) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (28xGE, AC 230V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (28xGE, DC 24V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR524-8C, 1x230V Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR524-8C, 1x230V (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR524-8C, 24V Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR524-8C, 24V (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR524-8C, 2x230V Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR524-8C, 2x230V (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR526-8C, 1x230V Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR526-8C, 1x230V (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR526-8C, 24V Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR526-8C, 24V (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR526-8C, 2x230V Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR526-8C, 2x230V (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR528-6M Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR528-6M (2HR2, L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR528-6M (2HR2) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR528-6M (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR552-12M Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR552-12M (2HR2, L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR552-12M (2HR2) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SIPLUS NET SCALANCE XC206-2 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SIPLUS NET SCALANCE XC206-2SFP Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SIPLUS NET SCALANCE XC208 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SIPLUS NET SCALANCE XC216-4C Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:24:03.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 LTE(4G) EU",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 LTE(4G) EU",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 LTE(4G) NAM",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 LTE(4G) NAM",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M804PB",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M804PB",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M812-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M812-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M812-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M812-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M816-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M816-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M816-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M816-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M826-2 SHDSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M826-2 SHDSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3 (ROK)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3 (ROK)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (NAM)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (NAM)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM853-1 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM853-1 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (RoW)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (RoW)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 EEC LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 EEC LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC622-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC622-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0",
              "status": "affected",
              "version": "V2.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC626-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC626-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0",
              "status": "affected",
              "version": "V2.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC632-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC632-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0",
              "status": "affected",
              "version": "V2.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC636-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC636-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0",
              "status": "affected",
              "version": "V2.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC642-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC642-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0",
              "status": "affected",
              "version": "V2.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC646-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC646-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0",
              "status": "affected",
              "version": "V2.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W1748-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W1748-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W1788-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W1788-2 EEC M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W1788-2 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W1788-2IA M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W721-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W721-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W722-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W722-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W722-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W734-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W734-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W734-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W734-1 RJ45 (USA)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W738-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W738-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W748-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W748-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W748-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W748-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W761-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W761-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45 (USA)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W778-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W778-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W778-1 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W778-1 M12 EEC (USA)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 SFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 SFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2IA RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2IA RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAB762-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM763-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM763-1 (ME)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM763-1 (US)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 (ME)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 (US)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 EEC (ME)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 EEC (US)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUB762-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUB762-1 iFeatures",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM763-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM763-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM763-1 (US)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM763-1 (US)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM766-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM766-1 (ME)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM766-1 (USA)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3 (SC, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3 (ST, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3 (ST, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3 (ST, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3LD (SC, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3LD (SC, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB208 (E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB208 (PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3 (SC, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3 (SC, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3 (ST, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3 (ST, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3LD (SC, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3LD (SC, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB216 (E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB216 (PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2 (SC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2 (ST/BFOC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2G PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2G PoE (54 V DC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2G PoE EEC (54 V DC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP G (EIP DEF.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G (EIP def.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G PoE (54 V DC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-3G PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-3G PoE (54 V DC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-4C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-4C G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-4C G (EIP Def.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-4C G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC224",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC224-4C G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC224-4C G (EIP Def.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC224-4C G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204 DNA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA DNA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM408-4C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM408-4C (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM408-8C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM408-8C (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM416-4C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM416-4C (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208 (Ethernet/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208PoE EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216 (Ethernet/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216POE EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324WG (24 x FE, AC 230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324WG (24 X FE, DC 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR326-2C PoE WG",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR326-2C PoE WG (without UL)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR524-8C, 1x230V",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR524-8C, 1x230V (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR524-8C, 24V",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR524-8C, 24V (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR524-8C, 2x230V",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR524-8C, 2x230V (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR526-8C, 1x230V",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR526-8C, 1x230V (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR526-8C, 24V",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR526-8C, 24V (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR526-8C, 2x230V",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR526-8C, 2x230V (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR528-6M",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR528-6M (2HR2, L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR528-6M (2HR2)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR528-6M (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR552-12M",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR552-12M (2HR2, L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR552-12M (2HR2)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR552-12M (2HR2)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE XC206-2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE XC206-2SFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE XC208",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE XC216-4C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T10:27:11.064Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-413565.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-46143",
    "datePublished": "2022-12-13T00:00:00.000Z",
    "dateReserved": "2022-11-28T00:00:00.000Z",
    "dateUpdated": "2025-01-14T10:27:11.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39313 (GCVE-0-2022-39313)

Vulnerability from cvelistv5 – Published: 2022-10-24 00:00 – Updated: 2025-04-23 16:45
VLAI
Title
Parse Server crashes when receiving file download request with invalid byte range
Summary
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
parse-community parse-server Affected: < 4.10.17
Affected: >= 5.0.0, < 5.2.8
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:44.102Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39313",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:49:54.286238Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:45:01.017Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parse-server",
          "vendor": "parse-community",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.10.17"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.2.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-24T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3"
        }
      ],
      "source": {
        "advisory": "GHSA-h423-w6qv-2wj3",
        "discovery": "UNKNOWN"
      },
      "title": "Parse Server crashes when receiving file download request with invalid byte range"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39313",
    "datePublished": "2022-10-24T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:45:01.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39272 (GCVE-0-2022-39272)

Vulnerability from cvelistv5 – Published: 2022-10-21 00:00 – Updated: 2025-04-23 16:45
VLAI
Title
Flux2 vulnerable to Denial of Service due to Improper use of metav1.Duration
Summary
Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
fluxcd flux2 Affected: < 0.35.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:43.351Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/fluxcd/flux2/security/advisories/GHSA-f4p5-x4vc-mh4v"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes/apimachinery/issues/131"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39272",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:56:09.377247Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:45:22.608Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "flux2",
          "vendor": "fluxcd",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.35.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux\u2019s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/fluxcd/flux2/security/advisories/GHSA-f4p5-x4vc-mh4v"
        },
        {
          "url": "https://github.com/kubernetes/apimachinery/issues/131"
        }
      ],
      "source": {
        "advisory": "GHSA-f4p5-x4vc-mh4v",
        "discovery": "UNKNOWN"
      },
      "title": "Flux2 vulnerable to Denial of Service due to Improper use of metav1.Duration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39272",
    "datePublished": "2022-10-21T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:45:22.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28613 (GCVE-0-2022-28613)

Vulnerability from cvelistv5 – Published: 2022-05-02 19:01 – Updated: 2024-09-25 07:58
VLAI
Title
Specially Crafted Modbus TCP Packet Vulnerability in RTU500 series
Summary
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function.
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Vendor Product Version
Hitachi Energy RTU500 series CMU Firmware Affected: 12.0.*
Affected: 12.2.*
Affected: 12.4.*
Affected: 12.6.*
Affected: 12.7.*
Affected: 13.2.*
Create a notification for this product.
Date Public
2022-04-18 22:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:56:16.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000103\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "RTU500 series CMU Firmware",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "12.0.*"
            },
            {
              "status": "affected",
              "version": "12.2.*"
            },
            {
              "status": "affected",
              "version": "12.4.*"
            },
            {
              "status": "affected",
              "version": "12.6.*"
            },
            {
              "status": "affected",
              "version": "12.7.*"
            },
            {
              "status": "affected",
              "version": "13.2.*"
            }
          ]
        }
      ],
      "datePublic": "2022-04-18T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-25T07:58:13.187Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000103\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediation available, see the advisory for details.\u003c/p\u003e"
            }
          ],
          "value": "Remediation available, see the advisory for details."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Specially Crafted Modbus TCP Packet Vulnerability in RTU500 series",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@hitachienergy.com",
          "DATE_PUBLIC": "2022-04-19T10:00:00.000Z",
          "ID": "CVE-2022-28613",
          "STATE": "PUBLIC",
          "TITLE": "Specially Crafted Modbus TCP Packet Vulnerability in RTU500 series"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RTU500 series CMU Firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "12.0.*",
                            "version_value": "12.0.*"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "12.2.*",
                            "version_value": "12.2.*"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "12.4.*",
                            "version_value": "12.4.*"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "12.6.*",
                            "version_value": "12.6.*"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "12.7.*",
                            "version_value": "12.7.*"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "13.2.*",
                            "version_value": "13.2.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hitachi Energy"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000103\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000103\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Remediation available, see the advisory for details."
          }
        ],
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2022-28613",
    "datePublished": "2022-05-02T19:01:06.262Z",
    "dateReserved": "2022-04-04T00:00:00.000Z",
    "dateUpdated": "2024-09-25T07:58:13.187Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28199 (GCVE-0-2022-28199)

Vulnerability from cvelistv5 – Published: 2022-09-01 16:20 – Updated: 2024-08-03 05:48
VLAI
Summary
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Vendor Product Version
NVIDIA NVIDIA FLARE Affected: mlnx_dpdk_19.11_1.*.* through mlnx_dpdk_20.11_1.0.0-4.*.*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.435Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5389"
          },
          {
            "name": "[oss-security] 20220906 Re: CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/09/06/2"
          },
          {
            "name": "20220907 Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products: August 2022",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlx5-jbPCrqD8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NVIDIA FLARE",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "mlnx_dpdk_19.11_1.*.* through mlnx_dpdk_20.11_1.0.0-4.*.*"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NVIDIA\u2019s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-07T17:06:13.000Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5389"
        },
        {
          "name": "[oss-security] 20220906 Re: CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/09/06/2"
        },
        {
          "name": "20220907 Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products: August 2022",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlx5-jbPCrqD8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2022-28199",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NVIDIA FLARE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "mlnx_dpdk_19.11_1.*.* through mlnx_dpdk_20.11_1.0.0-4.*.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NVIDIA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NVIDIA\u2019s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1284: Improper Validation of Specified Quantity in Input"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5389",
              "refsource": "MISC",
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5389"
            },
            {
              "name": "[oss-security] 20220906 Re: CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/09/06/2"
            },
            {
              "name": "20220907 Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products: August 2022",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlx5-jbPCrqD8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2022-28199",
    "datePublished": "2022-09-01T16:20:10.000Z",
    "dateReserved": "2022-03-30T00:00:00.000Z",
    "dateUpdated": "2024-08-03T05:48:37.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25769 (GCVE-0-2022-25769)

Vulnerability from cvelistv5 – Published: 2024-09-18 14:47 – Updated: 2024-09-18 21:28
VLAI
Title
Improper regex in htaccess file
Summary
ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
Mautic Mautic Affected: < 3.3.5 (semver)
Affected: < 4.2.0 (semver)
Create a notification for this product.
mautic mautic Affected: 0 , < 3.3.5 (custom)
Affected: 0 , < 4.2.0 (custom)
    cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2022-03-02 14:47
Credits
Mattias Michaux Mattias Michaux John Linhart Zdeno Kuzmany
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mautic",
            "vendor": "mautic",
            "versions": [
              {
                "lessThan": "3.3.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25769",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T18:10:59.918348Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T18:12:16.003Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.3.5",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003c 4.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Mattias Michaux"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Mattias Michaux"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Zdeno Kuzmany"
        }
      ],
      "datePublic": "2022-03-02T14:47:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch2\u003eImpact\u003c/h2\u003eThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.\u003cbr\u003e\u003cbr\u003eThis logic isn\u0027t correct, as the regex in the second FilesMatch only checks the filename, not the full path."
            }
          ],
          "value": "ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.\n\nThis logic isn\u0027t correct, as the regex in the second FilesMatch only checks the filename, not the full path."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T21:28:12.305Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56"
        },
        {
          "url": "https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to 3.3.5 or 4.2.0. \u003cbr\u003e\u003cbr\u003eIf you\u0027re using Mautic in a sub-folder with Apache \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e(e.g. example.com/mautic)\u003c/span\u003e, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eplease review the guidance in \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/mautic/mautic/issues/10913#issuecomment-1055681986\"\u003ethis GitHub issue\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;before updating, as you will probably need to make some changes to the .htaccess file after you update.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Upgrade to 3.3.5 or 4.2.0. \n\nIf you\u0027re using Mautic in a sub-folder with Apache (e.g. example.com/mautic), please review the guidance in  this GitHub issue https://github.com/mautic/mautic/issues/10913#issuecomment-1055681986 \u00a0before updating, as you will probably need to make some changes to the .htaccess file after you update."
        }
      ],
      "source": {
        "advisory": "GHSA-mj6m-246h-9w56",
        "discovery": "UNKNOWN"
      },
      "title": "Improper regex in htaccess file",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2022-25769",
    "datePublished": "2024-09-18T14:47:09.029Z",
    "dateReserved": "2022-02-22T20:17:36.804Z",
    "dateUpdated": "2024-09-18T21:28:12.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-22166 (GCVE-0-2022-22166)

Vulnerability from cvelistv5 – Published: 2022-01-19 00:21 – Updated: 2024-09-16 18:39
VLAI
Title
Junos OS: An rpd core will occur if BGP update tracing is configured and an update containing a malformed BGP SR-TE policy tunnel attribute is received
Summary
An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received. This issue affects Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
  • Denial of Service (DoS)
Assigner
References
URL Tags
https://kb.juniper.net/JSA11274 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos OS Unaffected: unspecified , < 20.4R1 (custom)
Affected: 20.4 , < 20.4R3-S1 (custom)
Affected: 21.1 , < 21.1R2-S2, 21.1R3 (custom)
Create a notification for this product.
Date Public
2022-01-12 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:49.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11274"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R1",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R3-S1",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R2-S2, 21.1R3",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "The following two configuration line are both required for the issue to be seen: \n  [ protocols bgp ... family \u003cfamily\u003e segment-routing-te ] \n  [ protocols bgp ... traceoptions flag update ]"
        }
      ],
      "datePublic": "2022-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received. This issue affects Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-19T00:21:11.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11274"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11274",
        "defect": [
          "1598850"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: An rpd core will occur if BGP update tracing is configured and an update containing a malformed BGP SR-TE policy tunnel attribute is received",
      "workarounds": [
        {
          "lang": "en",
          "value": "Please remove the BGP update trace configuration that\u0027s applicable.\n\n  [ protocols bgp ... traceoptions flag update ]"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
          "ID": "CVE-2022-22166",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: An rpd core will occur if BGP update tracing is configured and an update containing a malformed BGP SR-TE policy tunnel attribute is received"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.4",
                            "version_value": "20.4R3-S1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "21.1",
                            "version_value": "21.1R2-S2, 21.1R3"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_value": "20.4R1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "The following two configuration line are both required for the issue to be seen: \n  [ protocols bgp ... family \u003cfamily\u003e segment-routing-te ] \n  [ protocols bgp ... traceoptions flag update ]"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received. This issue affects Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1284 Improper Validation of Specified Quantity in Input"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (DoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11274",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11274"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11274",
          "defect": [
            "1598850"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Please remove the BGP update trace configuration that\u0027s applicable.\n\n  [ protocols bgp ... traceoptions flag update ]"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2022-22166",
    "datePublished": "2022-01-19T00:21:11.594Z",
    "dateReserved": "2021-12-21T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:39:36.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-4990 (GCVE-0-2022-4990)

Vulnerability from cvelistv5 – Published: 2026-07-03 02:00 – Updated: 2026-07-17 06:00
VLAI
Summary
** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ' section on the ASUS Security Advisory for more information.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Vendor Product Version
ASUS AI Suite 3 Affected: 0 , < v3.03.00 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-4990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T15:41:45.463608Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T15:41:55.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AI Suite 3",
          "vendor": "ASUS",
          "versions": [
            {
              "lessThan": "v3.03.00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:asus:ai_suite_3:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "v3.03.00",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3\u0026nbsp;driver\u0026nbsp;allows a local user to bypass security validation and\u0026nbsp;access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation.\u003cbr\u003eRefer to the \u0027End-of-Life Notice and Driver Update for Legacy ASUS Drivers\u0026nbsp;\u0027 section on the ASUS Security Advisory for more information.\u003c/p\u003e"
            }
          ],
          "value": "** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3\u00a0driver\u00a0allows a local user to bypass security validation and\u00a0access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation.\nRefer to the \u0027End-of-Life Notice and Driver Update for Legacy ASUS Drivers\u00a0\u0027 section on the ASUS Security Advisory for more information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-17T06:00:36.108Z",
        "orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
        "shortName": "ASUS"
      },
      "references": [
        {
          "url": "https://www.asus.com/security-advisory"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
    "assignerShortName": "ASUS",
    "cveId": "CVE-2022-4990",
    "datePublished": "2026-07-03T02:00:47.500Z",
    "dateReserved": "2026-05-19T06:00:30.357Z",
    "dateUpdated": "2026-07-17T06:00:36.108Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.