CWE-502
AllowedDeserialization of Untrusted Data
Abstraction: Base · Status: Draft
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
4801 vulnerabilities reference this CWE, most recent first.
CVE-2022-33315 (GCVE-0-2022-33315)
Vulnerability from cvelistv5 – Published: 2022-07-20 16:55 – Updated: 2026-01-09 04:58- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisory |
| https://jvn.jp/vu/JVNVU96480474/index.html | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric | GENESIS64 |
Affected:
Versions 10.97 to 10.97.1
|
|
| Mitsubishi Electric Iconics Digital Solutions | GENESIS64 |
Affected:
Versions 10.97 to 10.97.1
|
|
| Mitsubishi Electric | ICONICS Suite |
Affected:
Versions 10.97 to 10.97.1
|
|
| Mitsubishi Electric Iconics Digital Solutions | ICONICS Suite |
Affected:
Versions 10.97 to 10.97.1
|
|
| Mitsubishi Electric | MC Works64 |
Affected:
Versions 4.04E and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU96480474/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Versions 10.97 to 10.97.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "Versions 10.97 to 10.97.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Versions 10.97 to 10.97.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "Versions 10.97 to 10.97.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Versions 4.04E and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes."
}
],
"value": "Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T04:58:25.913Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU96480474/index.html"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-202-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-33315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ICONICS GENESIS64; Mitsubishi Electric MC Works64",
"version": {
"version_data": [
{
"version_value": "ICONICS GENESIS64 versions 10.97.1 and prior"
},
{
"version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU96480474/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU96480474/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-33315",
"datePublished": "2022-07-20T16:55:13.000Z",
"dateReserved": "2022-06-14T00:00:00.000Z",
"dateUpdated": "2026-01-09T04:58:25.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-32521 (GCVE-0-2022-32521)
Vulnerability from cvelistv5 – Published: 2023-01-30 00:00 – Updated: 2025-02-05 20:07- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | Data Center Expert |
Affected:
All , < V7.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-165-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-32521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:52:33.537984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:07:44.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Data Center Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V7.9.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-30T00:00:00.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-165-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-32521",
"datePublished": "2023-01-30T00:00:00.000Z",
"dateReserved": "2022-06-07T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:07:44.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32224 (GCVE-0-2022-32224)
Vulnerability from cvelistv5 – Published: 2022-12-05 00:00 – Updated: 2026-05-11 16:53- CWE-502 - Deserialization of Untrusted Data (CWE-502)
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | https://github.com/rails/rails |
Affected:
7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-11T16:53:19.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T15:17:17.965566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T15:17:29.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/rails/rails",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record \u003c 7.0.3.1, \u003c6.1.6.1, \u003c6.0.5.1 and \u003c5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of Untrusted Data (CWE-502)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j"
},
{
"url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32224",
"datePublished": "2022-12-05T00:00:00.000Z",
"dateReserved": "2022-06-01T00:00:00.000Z",
"dateUpdated": "2026-05-11T16:53:19.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-31605 (GCVE-0-2022-31605)
Vulnerability from cvelistv5 – Published: 2022-07-01 17:15 – Updated: 2024-08-03 07:26- CWE-502 - Allocation of Resources Without Limits or Throttling
| URL | Tags |
|---|---|
| https://github.com/NVIDIA/NVFlare/security/adviso… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | NVIDIA FLARE |
Affected:
All versions prior to 2.1.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-hrf3-622q-8366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA FLARE",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-01T17:15:22.000Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-hrf3-622q-8366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-31605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA FLARE",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.1.2"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-hrf3-622q-8366",
"refsource": "MISC",
"url": "https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-hrf3-622q-8366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2022-31605",
"datePublished": "2022-07-01T17:15:22.000Z",
"dateReserved": "2022-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:26:00.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31604 (GCVE-0-2022-31604)
Vulnerability from cvelistv5 – Published: 2022-07-01 17:15 – Updated: 2024-08-03 07:26- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://github.com/NVIDIA/NVFlare/security/adviso… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | NVIDIA FLARE |
Affected:
All versions prior to 2.1.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA FLARE",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-01T17:15:21.000Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-31604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA FLARE",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.1.2"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h",
"refsource": "MISC",
"url": "https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2022-31604",
"datePublished": "2022-07-01T17:15:21.000Z",
"dateReserved": "2022-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:26:00.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31115 (GCVE-0-2022-31115)
Vulnerability from cvelistv5 – Published: 2022-06-30 21:55 – Updated: 2025-04-22 17:52- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://github.com/opensearch-project/opensearch-… | x_refsource_CONFIRM |
| https://github.com/opensearch-project/opensearch-… | x_refsource_MISC |
| https://staaldraad.github.io/post/2021-01-09-univ… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| opensearch-project | opensearch-ruby |
Affected:
< 2.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/opensearch-project/opensearch-ruby/security/advisories/GHSA-977c-63xq-cgw3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensearch-project/opensearch-ruby/pull/77"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31115",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:42:50.945376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:52:35.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opensearch-ruby",
"vendor": "opensearch-project",
"versions": [
{
"status": "affected",
"version": "\u003c 2.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T21:55:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opensearch-project/opensearch-ruby/security/advisories/GHSA-977c-63xq-cgw3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensearch-project/opensearch-ruby/pull/77"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/"
}
],
"source": {
"advisory": "GHSA-977c-63xq-cgw3",
"discovery": "UNKNOWN"
},
"title": "Unsafe YAML deserialization in opensearch-ruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31115",
"STATE": "PUBLIC",
"TITLE": "Unsafe YAML deserialization in opensearch-ruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "opensearch-ruby",
"version": {
"version_data": [
{
"version_value": "\u003c 2.0.1"
}
]
}
}
]
},
"vendor_name": "opensearch-project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/opensearch-project/opensearch-ruby/security/advisories/GHSA-977c-63xq-cgw3",
"refsource": "CONFIRM",
"url": "https://github.com/opensearch-project/opensearch-ruby/security/advisories/GHSA-977c-63xq-cgw3"
},
{
"name": "https://github.com/opensearch-project/opensearch-ruby/pull/77",
"refsource": "MISC",
"url": "https://github.com/opensearch-project/opensearch-ruby/pull/77"
},
{
"name": "https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/",
"refsource": "MISC",
"url": "https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/"
}
]
},
"source": {
"advisory": "GHSA-977c-63xq-cgw3",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31115",
"datePublished": "2022-06-30T21:55:11.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:52:35.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29875 (GCVE-0-2022-29875)
Vulnerability from cvelistv5 – Published: 2022-06-01 09:50 – Updated: 2024-08-03 06:33- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://www.siemens-healthineers.com/support-docu… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Biograph Horizon PET/CT Systems |
Affected:
All VJ30 versions < VJ30C-UD01
|
|
| Siemens | MAGNETOM Family |
Affected:
NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A
|
|
| Siemens | MAMMOMAT Revelation |
Affected:
All VC20 versions < VC20D
|
|
| Siemens | NAEOTOM Alpha |
Affected:
All VA40 versions < VA40 SP2
|
|
| Siemens | SOMATOM X.cite |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM X.creed |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.All |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Now |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Open Pro |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Sim |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Top |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | SOMATOM go.Up |
Affected:
All versions < VA30 SP5 or VA40 SP2
|
|
| Siemens | Symbia E/S |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | Symbia Evo |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | Symbia Intevo |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | Symbia T |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | Symbia.net |
Affected:
All VB22 versions < VB22A-UD03
|
|
| Siemens | syngo.via VB10 |
Affected:
All versions
|
|
| Siemens | syngo.via VB20 |
Affected:
All versions
|
|
| Siemens | syngo.via VB30 |
Affected:
All versions
|
|
| Siemens | syngo.via VB40 |
Affected:
All versions < VB40B HF06
|
|
| Siemens | syngo.via VB50 |
Affected:
All versions
|
|
| Siemens | syngo.via VB60 |
Affected:
All versions < VB60B HF02
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Biograph Horizon PET/CT Systems",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VJ30 versions \u003c VJ30C-UD01"
}
]
},
{
"product": "MAGNETOM Family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A"
}
]
},
{
"product": "MAMMOMAT Revelation",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VC20 versions \u003c VC20D"
}
]
},
{
"product": "NAEOTOM Alpha",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VA40 versions \u003c VA40 SP2"
}
]
},
{
"product": "SOMATOM X.cite",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM X.creed",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.All",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Now",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Open Pro",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Sim",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Top",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "SOMATOM go.Up",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
},
{
"product": "Symbia E/S",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "Symbia Evo",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "Symbia Intevo",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "Symbia T",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "Symbia.net",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All VB22 versions \u003c VB22A-UD03"
}
]
},
{
"product": "syngo.via VB10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "syngo.via VB20",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "syngo.via VB30",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "syngo.via VB40",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VB40B HF06"
}
]
},
{
"product": "syngo.via VB50",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "syngo.via VB60",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VB60B HF02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T09:50:10.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-29875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Biograph Horizon PET/CT Systems",
"version": {
"version_data": [
{
"version_value": "All VJ30 versions \u003c VJ30C-UD01"
}
]
}
},
{
"product_name": "MAGNETOM Family",
"version": {
"version_data": [
{
"version_value": "NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A"
}
]
}
},
{
"product_name": "MAMMOMAT Revelation",
"version": {
"version_data": [
{
"version_value": "All VC20 versions \u003c VC20D"
}
]
}
},
{
"product_name": "NAEOTOM Alpha",
"version": {
"version_data": [
{
"version_value": "All VA40 versions \u003c VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM X.cite",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM X.creed",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.All",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Now",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Open Pro",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Sim",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Top",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "SOMATOM go.Up",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VA30 SP5 or VA40 SP2"
}
]
}
},
{
"product_name": "Symbia E/S",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "Symbia Evo",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "Symbia Intevo",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "Symbia T",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "Symbia.net",
"version": {
"version_data": [
{
"version_value": "All VB22 versions \u003c VB22A-UD03"
}
]
}
},
{
"product_name": "syngo.via VB10",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "syngo.via VB20",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "syngo.via VB30",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "syngo.via VB40",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VB40B HF06"
}
]
}
},
{
"product_name": "syngo.via VB50",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "syngo.via VB60",
"version": {
"version_data": [
{
"version_value": "All versions \u003c VB60B HF02"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016",
"refsource": "MISC",
"url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29875",
"datePublished": "2022-06-01T09:50:11.000Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:42.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29615 (GCVE-0-2022-29615)
Vulnerability from cvelistv5 – Published: 2022-06-14 18:34 – Updated: 2024-08-03 06:26| URL | Tags |
|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-16… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3202846 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP NetWeaver Developer Studio (NWDS) |
Affected:
7.50
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3202846"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver Developer Studio (NWDS)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application\u0027s confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T18:34:07.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3202846"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-29615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Developer Studio (NWDS)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.50"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application\u0027s confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3202846",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3202846"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-29615",
"datePublished": "2022-06-14T18:34:07.000Z",
"dateReserved": "2022-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:26:06.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29063 (GCVE-0-2022-29063)
Vulnerability from cvelistv5 – Published: 2022-09-02 07:10 – Updated: 2024-08-03 06:10- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/ytzrjc16pf357zntw… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/09/02/6 | mailing-listx_refsource_MLIST |
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache OFBiz |
Affected:
Apache OFBiz , ≤ 18.12.05
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:59.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105"
},
{
"name": "[oss-security] 20220902 Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache OFBiz",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "18.12.05",
"status": "affected",
"version": "Apache OFBiz",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matei \"Mal\" Badanoiu"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-02T11:06:11.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105"
},
{
"name": "[oss-security] 20220902 Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-29063",
"STATE": "PUBLIC",
"TITLE": "Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache OFBiz",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache OFBiz",
"version_value": "18.12.05"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matei \"Mal\" Badanoiu"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105"
},
{
"name": "[oss-security] 20220902 Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/6"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-29063",
"datePublished": "2022-09-02T07:10:19.000Z",
"dateReserved": "2022-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:10:59.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28685 (GCVE-0-2022-28685)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:02- CWE-502 - Deserialization of Untrusted Data
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1124/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T16:01:41.749119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:02:25.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Edge",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2020 SP2 Patch 0(4201.2111.1802.0000)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of APP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17212."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1124/"
},
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-28685",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:02:25.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.
Mitigation
When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.
Mitigation
Explicitly define a final object() to prevent deserialization.
Mitigation
- Make fields transient to protect them from deserialization.
- An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.
Mitigation
Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-586: Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.