CWE-334
Small Space of Random Values
The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.
CVE-2024-54017 (GCVE-0-2024-54017)
Vulnerability from cvelistv5 – Published: 2026-05-12 08:20 – Updated: 2026-05-13 09:53
Summary
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V11.0), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions < V11.0), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions < V11.0), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions < V11.0), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SL87 (CP200) (All 
versions), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7ST86 (CP300) (All versions < V11.0), SIPROTEC 5 7SX82 (CP150) (All versions < V11.0), SIPROTEC 5 7SX85 (CP300) (All versions < V11.0), SIPROTEC 5 7SY82 (CP150) (All versions < V11.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions < V11.0), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VU85 (CP300) (All versions < V11.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V11.0). Affected devices do not use sufficiently random values to create session identifiers. This could allow an unauthenticated remote attacker to brute force a session identifier and gain read access to limited information from the web server without authorization.
Severity
5.3 (Medium)
CWE
- CWE-334 - Small Space of Random Values
References
1 reference
Impacted products
63 products
| Vendor | Product | Version |
|---|---|---|
| Siemens | SIPROTEC 5 6MD84 (CP300) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 6MD85 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 6MD85 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 6MD86 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 6MD86 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 6MD89 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 6MU85 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7KE85 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7KE85 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SA82 (CP100) | Affected: V7.80, < * (custom) |
| Siemens | SIPROTEC 5 7SA82 (CP150) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SA84 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7SA86 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7SA86 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SA87 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7SA87 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SD82 (CP100) | Affected: V7.80, < * (custom) |
| Siemens | SIPROTEC 5 7SD82 (CP150) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SD84 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7SD86 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7SD86 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SD87 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7SD87 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SJ81 (CP100) | Affected: V7.80, < * (custom) |
| Siemens | SIPROTEC 5 7SJ81 (CP150) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SJ82 (CP100) | Affected: V7.80, < * (custom) |
| Siemens | SIPROTEC 5 7SJ82 (CP150) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SJ85 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7SJ85 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SJ86 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7SJ86 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SK82 (CP100) | Affected: V7.80, < * (custom) |
| Siemens | SIPROTEC 5 7SK82 (CP150) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SK85 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7SK85 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SL82 (CP100) | Affected: V7.80, < * (custom) |
| Siemens | SIPROTEC 5 7SL82 (CP150) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SL86 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7SL86 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SL87 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7SL87 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SS85 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7SS85 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7ST85 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7ST85 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7ST86 (CP300) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SX82 (CP150) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SX85 (CP300) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7SY82 (CP150) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7UM85 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7UT82 (CP100) | Affected: V7.80, < * (custom) |
| Siemens | SIPROTEC 5 7UT82 (CP150) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7UT85 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7UT85 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7UT86 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7UT86 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7UT87 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7UT87 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7VE85 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7VK87 (CP200) | Unaffected: 0, < * (custom) |
| Siemens | SIPROTEC 5 7VK87 (CP300) | Affected: V7.80, < V11.0 (custom) |
| Siemens | SIPROTEC 5 7VU85 (CP300) | Affected: 0, < V11.0 (custom) |
| Siemens | SIPROTEC 5 Compact 7SX800 (CP050) | Affected: 0, < V11.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T01:41:04.761307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T09:53:38.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD84 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD89 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MU85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7KE85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7KE85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA84 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD84 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ81 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ81 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SS85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SS85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SX82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SX85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SY82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UM85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VE85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VK87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VK87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VU85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Compact 7SX800 (CP050)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 6MD89 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 6MU85 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7SA82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7SD82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7SJ81 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SJ82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7SK82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7SL82 (CP100) (All versions 
\u003e= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7ST86 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SX85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SY82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7UM85 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7UT82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7VE85 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions \u003e= V7.80 \u003c V11.0), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003c V11.0). Affected devices do not use sufficiently random values to create session identifiers. This could allow an unauthenticated remote attacker to brute force a session identifier and gain read access to limited information from the web server without authorization."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-334",
"description": "CWE-334: Small Space of Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:20:38.130Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-786884.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-54017",
"datePublished": "2026-05-12T08:20:38.130Z",
"dateReserved": "2024-11-27T12:09:07.611Z",
"dateUpdated": "2026-05-13T09:53:38.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6890 (GCVE-0-2024-6890)
Vulnerability from cvelistv5 – Published: 2024-08-07 23:09 – Updated: 2024-08-08 13:28
Title
Journyx Unauthenticated Password Reset Bruteforce
Summary
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.
Severity
9.8 (Critical)
References
1 reference
| URL | Tags |
|---|---|
| https://korelogic.com/Resources/Advisories/KL-001… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Journyx | Journyx (jtime) | Affected: 11.5.4 |
Date Public
2024-08-07 23:05
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Aug/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "journyx",
"vendor": "journyx",
"versions": [
{
"status": "affected",
"version": "11.5.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6890",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T13:26:38.452163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T13:28:52.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Journyx (jtime)",
"vendor": "Journyx",
"versions": [
{
"status": "affected",
"version": "11.5.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jaggar Henry of KoreLogic, Inc."
}
],
"datePublic": "2024-08-07T23:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003ePassword reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-334",
"description": "CWE-334 Small Space of Random Values",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799 Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T23:15:35.997Z",
"orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"shortName": "KoreLogic"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Journyx Unauthenticated Password Reset Bruteforce",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"assignerShortName": "KoreLogic",
"cveId": "CVE-2024-6890",
"datePublished": "2024-08-07T23:09:40.249Z",
"dateReserved": "2024-07-18T19:25:47.090Z",
"dateUpdated": "2024-08-08T13:28:52.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3895 (GCVE-0-2025-3895)
Vulnerability from cvelistv5 – Published: 2025-05-23 10:20 – Updated: 2025-05-23 12:07
Title
Low token entropy in MegaBIP
Summary
Tokens used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value.
This allows an unauthenticated attacker who knows user login names to brute force these tokens and change account passwords (including those belonging to administrators).
Version 5.20 of MegaBIP fixes this issue.
CWE
- CWE-334 - Small Space of Random Values
References
3 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2025/05/CVE-2025-3893 | third-party-advisory |
| https://megabip.pl/index.php?id=24,145 | vendor-advisory |
| https://www.gov.pl/web/cyfryzacja/rekomendacja-pe… | government-resource |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T12:07:30.570920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T12:07:48.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MegaBIP",
"vendor": "Jan Syski",
"versions": [
{
"lessThanOrEqual": "5.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kamil Szczurowski"
},
{
"lang": "en",
"type": "finder",
"value": "Robert Kruczek"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Token used for resetting passwords in MegaBIP software\u0026nbsp;are generated using a small space of random values combined with a queryable value.\u003cbr\u003e It allows an unauthenticated attacker who know user login names to brute force these tokens and change account passwords (including these belonging to administrators).\u0026nbsp;\u003cbr\u003eVersion 5.20 of MegaBIP fixes this issue.\u0026nbsp;"
}
],
"value": "Token used for resetting passwords in MegaBIP software\u00a0are generated using a small space of random values combined with a queryable value.\n It allows an unauthenticated attacker who know user login names to brute force these tokens and change account passwords (including these belonging to administrators).\u00a0\nVersion 5.20 of MegaBIP fixes this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-334",
"description": "CWE-334 Small Space of Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T10:20:03.919Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/05/CVE-2025-3893"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://megabip.pl/index.php?id=24,145"
},
{
"tags": [
"government-resource"
],
"url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Low token entropy in MegaBIP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-3895",
"datePublished": "2025-05-23T10:20:03.919Z",
"dateReserved": "2025-04-23T09:52:16.114Z",
"dateUpdated": "2025-05-23T12:07:48.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-2
Phases: Architecture and Design, Requirements
Strategy: Libraries or Frameworks
Description:
- Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
No CAPEC attack patterns related to this CWE.