Common Weakness Enumeration

CWE-755

Discouraged

Improper Handling of Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not handle or incorrectly handles an exceptional condition.

686 vulnerabilities reference this CWE, most recent first.

GHSA-Q8P5-C986-46JG

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02
VLAI
Details

A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-17T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions \u003c V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions \u003c V1.1.0), SIMATIC RF600R (All versions \u003c V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.5 \u003c V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions \u003c V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions \u003c V15.1 Upd 4), SINEC-NMS (All versions \u003c V1.0 SP1), SINEMA Server (All versions \u003c V14 SP2), SINUMERIK OPC UA Server (All versions \u003c V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.",
  "id": "GHSA-q8p5-c986-46jg",
  "modified": "2022-05-13T01:02:36Z",
  "published": "2022-05-13T01:02:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6575"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QFQ2-V5PR-268P

Vulnerability from github – Published: 2021-12-09 00:00 – Updated: 2021-12-14 00:01
VLAI
Details

An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25516"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-08T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations.",
  "id": "GHSA-qfq2-v5pr-268p",
  "modified": "2021-12-14T00:01:39Z",
  "published": "2021-12-09T00:00:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25516"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QHM5-6Q48-XXP4

Vulnerability from github – Published: 2023-04-25 18:30 – Updated: 2024-04-04 03:40
VLAI
Details

No exception handling vulnerability which revealed sensitive or excessive information to users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23837"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-25T18:15:09Z",
    "severity": "HIGH"
  },
  "details": "No exception handling vulnerability which revealed sensitive or excessive information to users.",
  "id": "GHSA-qhm5-6q48-xxp4",
  "modified": "2024-04-04T03:40:47Z",
  "published": "2023-04-25T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23837"
    },
    {
      "type": "WEB",
      "url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm"
    },
    {
      "type": "WEB",
      "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23837"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJ59-CXRX-FR36

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2026-05-29 15:30
VLAI
Details

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-22T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.",
  "id": "GHSA-qj59-cxrx-fr36",
  "modified": "2026-05-29T15:30:21Z",
  "published": "2022-05-24T16:46:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7852"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJQC-88Q2-GP64

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-09T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.",
  "id": "GHSA-qjqc-88q2-gp64",
  "modified": "2022-05-24T17:47:00Z",
  "published": "2022-05-24T17:47:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25365"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QMG7-32MC-92P9

Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2025-10-22 00:31
VLAI
Details

A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0155"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-28T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.",
  "id": "GHSA-qmg7-32mc-92p9",
  "modified": "2025-10-22T00:31:30Z",
  "published": "2022-05-13T01:17:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0155"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0155"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103565"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040587"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QP86-F9FH-JG8P

Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2022-10-27 19:00
VLAI
Details

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1495"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-29T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.",
  "id": "GHSA-qp86-f9fh-jg8p",
  "modified": "2022-10-27T19:00:33Z",
  "published": "2022-05-24T17:49:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1495"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5354"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ36-8WWJ-QJ84

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-07-13 00:00
VLAI
Details

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module, NIP6300, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500, Secospace USG6600 and SG9500.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-22T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module, NIP6300, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500, Secospace USG6600 and SG9500.",
  "id": "GHSA-qq36-8wwj-qj84",
  "modified": "2022-07-13T00:00:52Z",
  "published": "2022-05-24T17:44:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9213"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-02-dos-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQV8-4FRH-3WCG

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34
VLAI
Details

Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-8767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-12T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access.",
  "id": "GHSA-qqv8-4frh-3wcg",
  "modified": "2022-05-24T17:34:14Z",
  "published": "2022-05-24T17:34:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8767"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00400"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QR9H-VR5P-PWWX

Vulnerability from github – Published: 2021-04-12 18:59 – Updated: 2022-04-18 21:56
VLAI
Summary
Denial of Service (DoS) in restify-paginate
Details

The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "restify-paginate"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-27543"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-16T00:43:59Z",
    "nvd_published_at": "2021-02-25T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.",
  "id": "GHSA-qr9h-vr5p-pwwx",
  "modified": "2022-04-18T21:56:34Z",
  "published": "2021-04-12T18:59:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27543"
    },
    {
      "type": "WEB",
      "url": "https://github.com/paulvarache/restify-paginate"
    },
    {
      "type": "WEB",
      "url": "https://github.com/secoats/cve/tree/master/CVE-2020-27543_dos_restify-paginate"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210401-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/restify-paginate"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Denial of Service (DoS) in restify-paginate"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.