Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5426 vulnerabilities reference this CWE, most recent first.

CVE-2023-45196 (GCVE-0-2023-45196)

Vulnerability from cvelistv5 – Published: 2024-06-24 20:48 – Updated: 2024-08-02 20:14
VLAI
Title
Adminer and AdminerEvo denial of service via HTTP redirect
Summary
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
Vendor Product Version
Adminer Adminer Affected: 0 , ≤ * (custom)
Affected: cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* , ≤ cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* (cpe)
    cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*
Create a notification for this product.
AdminerEvo AdminerEvo Affected: 4.8.2 , < 4.8.4 (custom)
Affected: cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:* , < cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:* (cpe)
    cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-04-07 15:37
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45196",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:20:08.611689Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:20:53.512Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:14:20.034Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
            "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Adminer",
          "vendor": "Adminer",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*",
              "status": "affected",
              "version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
              "versionType": "cpe"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "AdminerEvo",
          "repo": "https://github.com/adminerevo/adminerevo",
          "vendor": "AdminerEvo",
          "versions": [
            {
              "lessThan": "4.8.4",
              "status": "affected",
              "version": "4.8.2",
              "versionType": "custom"
            },
            {
              "lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*",
              "status": "affected",
              "version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
              "versionType": "cpe"
            }
          ]
        }
      ],
      "datePublic": "2024-04-07T15:37:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAdminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits.\u00a0Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-24T20:48:21.534Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Adminer and AdminerEvo denial of service via HTTP redirect",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2023-45196",
    "datePublished": "2024-06-24T20:48:21.534Z",
    "dateReserved": "2023-10-05T03:54:13.664Z",
    "dateUpdated": "2024-08-02T20:14:20.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45150 (GCVE-0-2023-45150)

Vulnerability from cvelistv5 – Published: 2023-10-16 19:06 – Updated: 2024-09-16 14:31
VLAI
Title
Inviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive
Summary
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended that the Nextcloud Calendar app is upgraded to 4.4.4. The only workaround for users unable to upgrade is to disable the calendar app.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
Vendor Product Version
nextcloud security-advisories Affected: >= 1.0.0, < 4.4.4
Create a notification for this product.
nextcloud calendar Affected: 1.0.0 , < 4.4.4 (custom)
    cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:14:19.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r936-8gwm-w452",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r936-8gwm-w452"
          },
          {
            "name": "https://github.com/nextcloud/calendar/pull/5358",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/calendar/pull/5358"
          },
          {
            "name": "https://hackerone.com/reports/2058337",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/2058337"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "calendar",
            "vendor": "nextcloud",
            "versions": [
              {
                "lessThan": "4.4.4",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45150",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-16T14:21:52.639896Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T14:31:05.835Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 4.4.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended that the Nextcloud Calendar app is upgraded to 4.4.4. The only workaround for users unable to upgrade is to disable the calendar app."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-16T19:06:03.674Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r936-8gwm-w452",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r936-8gwm-w452"
        },
        {
          "name": "https://github.com/nextcloud/calendar/pull/5358",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/calendar/pull/5358"
        },
        {
          "name": "https://hackerone.com/reports/2058337",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/2058337"
        }
      ],
      "source": {
        "advisory": "GHSA-r936-8gwm-w452",
        "discovery": "UNKNOWN"
      },
      "title": "Inviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-45150",
    "datePublished": "2023-10-16T19:06:03.674Z",
    "dateReserved": "2023-10-04T16:02:46.331Z",
    "dateUpdated": "2024-09-16T14:31:05.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45028 (GCVE-0-2023-45028)

Vulnerability from cvelistv5 – Published: 2024-02-02 16:05 – Updated: 2024-08-02 20:14
VLAI
Title
QTS, QuTS hero, QuTScloud
Summary
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Affected: 5.1.x , < 5.1.5.2645 build 20240116 (custom)
Create a notification for this product.
QNAP Systems Inc. QuTS hero Affected: h5.1.x , < h5.1.5.2647 build 20240118 (custom)
Create a notification for this product.
QNAP Systems Inc. QuTScloud Affected: c5.x.x , < c5.1.5.2651 (custom)
Create a notification for this product.
Credits
Jiaxu Zhao && Bingwei Peng
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45028",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-08T21:52:10.291213Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:19:56.933Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:14:18.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qnap.com/en/security-advisory/qsa-24-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.1.5.2645 build 20240116",
              "status": "affected",
              "version": "5.1.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.1.5.2647 build 20240118",
              "status": "affected",
              "version": "h5.1.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTScloud",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "c5.1.5.2651",
              "status": "affected",
              "version": "c5.x.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Jiaxu Zhao \u0026\u0026 Bingwei Peng"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.5.2645 build 20240116 and later\u003cbr\u003eQuTS hero h5.1.5.2647 build 20240118 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
            }
          ],
          "value": "An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130"
            }
          ]
        },
        {
          "capecId": "CAPEC-227",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-227"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-770",
              "description": "CWE-770",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-02T16:05:20.257Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-24-02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.5.2645 build 20240116 and later\u003cbr\u003eQuTS hero h5.1.5.2647 build 20240118 and later\u003cbr\u003eQuTScloud c5.1.5.2651 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later\n"
        }
      ],
      "source": {
        "advisory": "QSA-24-02",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero, QuTScloud",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2023-45028",
    "datePublished": "2024-02-02T16:05:20.257Z",
    "dateReserved": "2023-10-03T08:58:08.182Z",
    "dateUpdated": "2024-08-02T20:14:18.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-44388 (GCVE-0-2023-44388)

Vulnerability from cvelistv5 – Published: 2023-10-16 21:11 – Updated: 2024-09-16 15:42
VLAI
Title
Malicious requests can fill up the log files resulting in a deinal of service in Discourse
Summary
Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
Vendor Product Version
discourse discourse Affected: stable <= 3.1.1
Affected: beta <= 3.2.0.beta2
Create a notification for this product.
discourse discourse Affected: 0 , < 3.1.2 (custom)
Affected: 0 , < 3.2.0.beta2 (custom)
    cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:07:32.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq"
          },
          {
            "name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "discourse",
            "vendor": "discourse",
            "versions": [
              {
                "lessThan": "3.1.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.2.0.beta2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-16T14:58:50.184229Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T15:42:30.893Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "discourse",
          "vendor": "discourse",
          "versions": [
            {
              "status": "affected",
              "version": "stable \u003c= 3.1.1"
            },
            {
              "status": "affected",
              "version": "beta \u003c= 3.2.0.beta2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-16T21:11:26.719Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq"
        },
        {
          "name": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size"
        }
      ],
      "source": {
        "advisory": "GHSA-89h3-g746-xmwq",
        "discovery": "UNKNOWN"
      },
      "title": "Malicious requests can fill up the log files resulting in a deinal of service in Discourse"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-44388",
    "datePublished": "2023-10-16T21:11:26.719Z",
    "dateReserved": "2023-09-28T17:56:32.613Z",
    "dateUpdated": "2024-09-16T15:42:30.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-44321 (GCVE-0-2023-44321)

Vulnerability from cvelistv5 – Published: 2023-11-14 11:04 – Updated: 2026-02-25 16:51
VLAI
Summary
Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
Impacted products
Vendor Product Version
Siemens RUGGEDCOM RM1224 LTE(4G) EU Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RM1224 LTE(4G) NAM Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M804PB Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M812-1 ADSL-Router family Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M816-1 ADSL-Router family Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M826-2 SHDSL-Router Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M874-2 Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M874-3 Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M874-3 3G-Router (CN) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M876-3 Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M876-3 (ROK) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 (EU) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 (NAM) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM853-1 (A1) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM853-1 (B1) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM853-1 (EU) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (A1) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (B1) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (CN) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (EU) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (RoW) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE S615 EEC LAN-Router Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE S615 LAN-Router Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3 (SC, PN) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3 (ST, E/IP) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3 (ST, PN) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3LD (SC, E/IP) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3LD (SC, PN) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB206-2 (SC) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB206-2 (ST/BFOC) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB206-2 LD Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB206-2 SC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB206-2 ST Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB206-2LD Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB208 (E/IP) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB208 (PN) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3 (SC, E/IP) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3 (SC, PN) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3 (ST, E/IP) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3 (ST, PN) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3LD (SC, E/IP) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3LD (SC, PN) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB216 (E/IP) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XB216 (PN) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2 (SC) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2 (ST/BFOC) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2G PoE Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2G PoE (54 V DC) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2G PoE EEC (54 V DC) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP G Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP G (EIP DEF.) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP G EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC208 Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC208EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G (EIP def.) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G PoE Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G PoE (54 V DC) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC216 Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-3G PoE Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-3G PoE (54 V DC) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-4C Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-4C G Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-4C G (EIP Def.) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-4C G EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC216EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC224 Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC224-4C G Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC224-4C G (EIP Def.) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XC224-4C G EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XF204 Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XF204 DNA Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XF204-2BA Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XF204-2BA DNA Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XF204G Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP208 Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP208 (Ethernet/IP) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP208EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP208G Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP208G EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP208G PoE EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP208G PP Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP208PoE EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP216 Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP216 (Ethernet/IP) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP216 (V2) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP216EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP216EEC (V2) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP216G Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP216G EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP216G PoE EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP216POE EEC Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP216PoE EEC (V2) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR324WG (24 x FE, AC 230V) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR324WG (24 X FE, DC 24V) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR326-2C PoE WG Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR326-2C PoE WG (without UL) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (28xGE, AC 230V) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (28xGE, DC 24V) Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SIPLUS NET SCALANCE XC206-2 Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SIPLUS NET SCALANCE XC206-2SFP Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SIPLUS NET SCALANCE XC208 Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Siemens SIPLUS NET SCALANCE XC216-4C Affected: 0 , < V4.6 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:59:51.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-353002.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44321",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-06T05:01:06.588812Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-25T16:51:10.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 LTE(4G) EU",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 LTE(4G) NAM",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M804PB",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M812-1 ADSL-Router family",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M816-1 ADSL-Router family",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M826-2 SHDSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-3 3G-Router (CN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3 (ROK)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (NAM)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM853-1 (A1)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM853-1 (B1)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM853-1 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (A1)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (B1)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (CN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (RoW)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 EEC LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3 (SC, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3 (ST, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3 (ST, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3 (ST, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3LD (SC, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3LD (SC, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB206-2 (SC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB206-2 (ST/BFOC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB206-2 LD",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB206-2 SC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB206-2 ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB206-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB208 (E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB208 (PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3 (SC, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3 (SC, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3 (ST, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3 (ST, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3LD (SC, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3LD (SC, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB216 (E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB216 (PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2 (SC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2 (ST/BFOC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2G PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2G PoE (54 V DC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2G PoE EEC (54 V DC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP G (EIP DEF.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G (EIP def.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G PoE (54 V DC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-3G PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-3G PoE (54 V DC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-4C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-4C G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-4C G (EIP Def.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-4C G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC224",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC224-4C G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC224-4C G (EIP Def.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC224-4C G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204 DNA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA DNA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208 (Ethernet/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208G PoE EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208G PP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208PoE EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208PoE EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216 (Ethernet/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216 (V2)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216EEC (V2)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216G PoE EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216POE EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216PoE EEC (V2)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324WG (24 x FE, AC 230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324WG (24 X FE, DC 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR326-2C PoE WG",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR326-2C PoE WG (without UL)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE XC206-2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE XC206-2SFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE XC208",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE XC216-4C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T11:16:24.371Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-353002.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-087301.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-44321",
    "datePublished": "2023-11-14T11:04:02.880Z",
    "dateReserved": "2023-09-28T16:18:45.648Z",
    "dateUpdated": "2026-02-25T16:51:10.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-43810 (GCVE-0-2023-43810)

Vulnerability from cvelistv5 – Published: 2023-10-06 13:53 – Updated: 2024-09-19 18:45
VLAI
Title
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics
Summary
OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label `http_method` that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. HTTP method for requests can be easily set by an attacker to be random and long. In order to be affected program has to be instrumented for HTTP handlers and does not filter any unknown HTTP methods on the level of CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:52:11.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/open-telemetry/opentelemetry-python-contrib/security/advisories/GHSA-5rv5-6h4r-h22v",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/open-telemetry/opentelemetry-python-contrib/security/advisories/GHSA-5rv5-6h4r-h22v"
          },
          {
            "name": "https://github.com/open-telemetry/opentelemetry-python-contrib/commit/6007e0c013071e7f8b9612d3bc68aeb9d600d74e",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/open-telemetry/opentelemetry-python-contrib/commit/6007e0c013071e7f8b9612d3bc68aeb9d600d74e"
          },
          {
            "name": "https://github.com/open-telemetry/opentelemetry-python-contrib/releases/tag/v0.41b0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/open-telemetry/opentelemetry-python-contrib/releases/tag/v0.41b0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43810",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T18:44:51.665115Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T18:45:01.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "opentelemetry-python-contrib",
          "vendor": "open-telemetry",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.41b0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label `http_method` that has unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent. HTTP method for requests can be easily set by an attacker to be random and long. In order to be affected program has to be instrumented for HTTP handlers and does not filter any unknown HTTP methods on the level of CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-06T13:53:17.622Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/open-telemetry/opentelemetry-python-contrib/security/advisories/GHSA-5rv5-6h4r-h22v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/open-telemetry/opentelemetry-python-contrib/security/advisories/GHSA-5rv5-6h4r-h22v"
        },
        {
          "name": "https://github.com/open-telemetry/opentelemetry-python-contrib/commit/6007e0c013071e7f8b9612d3bc68aeb9d600d74e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/open-telemetry/opentelemetry-python-contrib/commit/6007e0c013071e7f8b9612d3bc68aeb9d600d74e"
        },
        {
          "name": "https://github.com/open-telemetry/opentelemetry-python-contrib/releases/tag/v0.41b0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/open-telemetry/opentelemetry-python-contrib/releases/tag/v0.41b0"
        }
      ],
      "source": {
        "advisory": "GHSA-5rv5-6h4r-h22v",
        "discovery": "UNKNOWN"
      },
      "title": "opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-43810",
    "datePublished": "2023-10-06T13:53:17.622Z",
    "dateReserved": "2023-09-22T14:51:42.341Z",
    "dateUpdated": "2024-09-19T18:45:01.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-43786 (GCVE-0-2023-43786)

Vulnerability from cvelistv5 – Published: 2023-10-10 12:26 – Updated: 2025-11-06 22:59
VLAI
Title
Libx11: stack exhaustion from infinite recursion in putsubimage()
Summary
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
Impacted products
Vendor Product Version
Affected: 0 , < 3.5.17 (semver)
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.6.8-8.el8 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.7.0-9.el9 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Date Public
2023-10-04 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43786",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-25T16:06:07.325768Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:25:57.723Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:25:13.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/24/9"
          },
          {
            "name": "RHSA-2024:2145",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2145"
          },
          {
            "name": "RHSA-2024:2973",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2973"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-43786"
          },
          {
            "name": "RHBZ#2242253",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242253"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231103-0006/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libxpm",
          "defaultStatus": "unaffected",
          "packageName": "libXpm",
          "versions": [
            {
              "lessThan": "3.5.17",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libX11",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.8-8.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libX11",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.7.0-9.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libX11",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libX11",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-10-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T22:59:38.283Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:2145",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2145"
        },
        {
          "name": "RHSA-2024:2973",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2973"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-43786"
        },
        {
          "name": "RHBZ#2242253",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242253"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-05T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-10-04T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libx11: stack exhaustion from infinite recursion in putsubimage()",
      "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-43786",
    "datePublished": "2023-10-10T12:26:07.399Z",
    "dateReserved": "2023-09-22T09:52:31.108Z",
    "dateUpdated": "2025-11-06T22:59:38.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-43775 (GCVE-0-2023-43775)

Vulnerability from cvelistv5 – Published: 2023-09-26 13:50 – Updated: 2024-09-24 13:19
VLAI
Title
Security issue in SMP Gateway automation platform
Summary
Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
Impacted products
Vendor Product Version
Eaton SMP SG-4260 Affected: 8.0 , < 8.0R9 (custom)
Affected: 8.1 , < 8.1R5 (custom)
Affected: 8.2 , < 8.2R4 (custom)
Create a notification for this product.
Eaton SMP SG-4250 Affected: 7.0
Affected: 7.1
Affected: 7.2
Affected: 8.0 , < 8.0R9 (custom)
Affected: 8.1 , < 8.1R5 (custom)
Affected: 8.2 , < 8.2R4 (custom)
Create a notification for this product.
Eaton SMP 4/DP Affected: 6.3
Affected: 7.0
Affected: 7.1
Affected: 7.2
Affected: 8.0 , < 8.0R9 (custom)
Affected: 8.1 , < 8.1R5 (custom)
Affected: 8.2 , < 8.2R4 (custom)
Create a notification for this product.
Eaton SMP 16 Affected: 6.3
Affected: 7.0
Affected: 7.1
Affected: 7.2
Affected: 8.0 , < 8.0R9 (custom)
Create a notification for this product.
Date Public
2023-09-28 13:49
Credits
Communications Security Establishment, Canada.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:52:11.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2022-1008.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43775",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T13:19:33.279087Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T13:19:42.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SMP SG-4260",
          "vendor": "Eaton",
          "versions": [
            {
              "lessThan": "8.0R9",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1R5",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2R4",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP SG-4250",
          "vendor": "Eaton",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.1"
            },
            {
              "status": "affected",
              "version": "7.2"
            },
            {
              "lessThan": "8.0R9",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1R5",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2R4",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP 4/DP",
          "vendor": "Eaton",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.1"
            },
            {
              "status": "affected",
              "version": "7.2"
            },
            {
              "lessThan": "8.0R9",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1R5",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2R4",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP 16",
          "vendor": "Eaton",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.1"
            },
            {
              "status": "affected",
              "version": "7.2"
            },
            {
              "lessThan": "8.0R9",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Communications Security Establishment, Canada."
        }
      ],
      "datePublic": "2023-09-28T13:49:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows \n\nattacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause\nthe SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is\nnot vulnerable anymore.\u003cbr\u003e"
            }
          ],
          "value": "Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows \n\nattacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause\nthe SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is\nnot vulnerable anymore.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-28T20:29:16.284Z",
        "orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
        "shortName": "Eaton"
      },
      "references": [
        {
          "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2022-1008.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Security issue in SMP Gateway automation platform",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
    "assignerShortName": "Eaton",
    "cveId": "CVE-2023-43775",
    "datePublished": "2023-09-26T13:50:13.211Z",
    "dateReserved": "2023-09-22T05:10:55.258Z",
    "dateUpdated": "2024-09-24T13:19:42.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-43646 (GCVE-0-2023-43646)

Vulnerability from cvelistv5 – Published: 2023-09-26 18:19 – Updated: 2024-09-24 17:26
VLAI
Title
Inefficient Regular Expression Complexity in get-func-name
Summary
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (redos) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: '\t'.repeat(54773) + '\t/function/i'. This issue has been addressed in commit `f934b228b` which has been included in releases from 2.0.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
Vendor Product Version
chaijs get-func-name Affected: < 2.0.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:44:43.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5"
          },
          {
            "name": "https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43646",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T17:25:36.130206Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T17:26:54.512Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "get-func-name",
          "vendor": "chaijs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "get-func-name is a module to retrieve a function\u0027s name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (redos) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: \u0027\\t\u0027.repeat(54773) + \u0027\\t/function/i\u0027. This issue has been addressed in commit `f934b228b` which has been included in releases from 2.0.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333: Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-26T18:19:29.443Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5"
        },
        {
          "name": "https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69"
        }
      ],
      "source": {
        "advisory": "GHSA-4q6p-r6v2-jvc5",
        "discovery": "UNKNOWN"
      },
      "title": "Inefficient Regular Expression Complexity in get-func-name"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-43646",
    "datePublished": "2023-09-26T18:19:29.443Z",
    "dateReserved": "2023-09-20T15:35:38.146Z",
    "dateUpdated": "2024-09-24T17:26:54.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-43622 (GCVE-0-2023-43622)

Vulnerability from cvelistv5 – Published: 2023-10-23 06:50 – Updated: 2025-02-13 17:13
VLAI
Title
Apache HTTP Server: DoS in HTTP/2 with initial windows size 0
Summary
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
Severity
No CVSS data available.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache HTTP Server Affected: 2.4.55 , ≤ 2.4.57 (semver)
Create a notification for this product.
Credits
Prof. Sven Dietrich (City University of New York) Isa Jafarov (City University of New York) Prof. Heejo Lee (Korea University) Choongin Lee (Korea University)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:44:43.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231027-0011/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43622",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T16:02:28.689513Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T14:19:24.281Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.57",
              "status": "affected",
              "version": "2.4.55",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Prof. Sven Dietrich (City University of New York)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Isa Jafarov (City University of New York)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Prof. Heejo Lee (Korea University)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Choongin Lee (Korea University)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\u003cbr\u003e\u003cp\u003eThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.58, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\n\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\n\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-27T14:06:25.665Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231027-0011/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-09-15T09:51:00.000Z",
          "value": "reported"
        }
      ],
      "title": "Apache HTTP Server: DoS in HTTP/2 with initial windows size 0",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-43622",
    "datePublished": "2023-10-23T06:50:51.555Z",
    "dateReserved": "2023-09-20T07:45:21.299Z",
    "dateUpdated": "2025-02-13T17:13:24.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.