CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CVE-2022-36114 (GCVE-0-2022-36114)
Vulnerability from cvelistv5 – Published: 2022-09-14 00:00 – Updated: 2025-04-23 17:10
VLAI
Title
Extracting malicious crates can fill the file system
Summary
Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a "zip bomb"), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to excercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here.
Severity
4.8 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/rust-lang/cargo/security/advis… | x_refsource_CONFIRM |
| https://github.com/rust-lang/cargo/commit/d1f9553… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp"
},
{
"name": "https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:00:35.387845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:10:50.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cargo",
"vendor": "rust-lang",
"versions": [
{
"status": "affected",
"version": "\u003c 0.65.0"
},
{
"status": "affected",
"version": "= 0.66.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a \"zip bomb\"), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it\u0027s possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to excercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T16:17:41.758Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp"
},
{
"name": "https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7"
}
],
"source": {
"advisory": "GHSA-2hvr-h6gw-qrxp",
"discovery": "UNKNOWN"
},
"title": "Extracting malicious crates can fill the file system"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36114",
"datePublished": "2022-09-14T00:00:00.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:10:50.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36326 (GCVE-0-2022-36326)
Vulnerability from cvelistv5 – Published: 2023-05-18 17:53 – Updated: 2025-01-22 14:32
VLAI
Title
Resource Exhaustion Vulnerability in Western Digital devices
Summary
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.
Severity
4.4 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Western Digital | My Cloud Home and My Cloud Home Duo |
Affected:
0 , < 9.4.0-191
(custom)
|
|
| SanDisk | ibi |
Affected:
0 , < 9.4.0-191
(custom)
|
|
| Western Digital | My Cloud OS 5 |
Affected:
0 , < 5.26.202
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:31:41.964074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:32:18.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "My Cloud Home and My Cloud Home Duo",
"vendor": "Western Digital",
"versions": [
{
"lessThan": " 9.4.0-191",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "ibi",
"vendor": "SanDisk",
"versions": [
{
"lessThan": " 9.4.0-191",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "My Cloud OS 5",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "5.26.202",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd) working with Trend Micro\u2019s Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.\u003cp\u003eThis issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.\u003c/p\u003e"
}
],
"value": "An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T17:53:21.372Z",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191"
},
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor My Cloud Home, My Cloud Home Duo and SanDisk ibi devices\u0026nbsp;\u003c/span\u003ewill be automatically updated to reflect the latest firmware version.\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor My Cloud OS 5 devices, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "For My Cloud Home, My Cloud Home Duo and SanDisk ibi devices\u00a0will be automatically updated to reflect the latest firmware version.\nFor My Cloud OS 5 devices, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Resource Exhaustion Vulnerability in Western Digital devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2022-36326",
"datePublished": "2023-05-18T17:53:21.372Z",
"dateReserved": "2022-07-20T13:57:56.403Z",
"dateUpdated": "2025-01-22T14:32:18.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36329 (GCVE-0-2022-36329)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:19
VLAI
Title
Denial of Service over OTA mechanism in Western Digital My Cloud Home and ibi devices
Summary
An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.
Severity
4.4 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Western Digital | My Cloud Home and My Cloud Home Duo |
Affected:
0 , < 9.4.0-191
(custom)
|
|
| SanDisk | ibi |
Affected:
0 , < 9.4.0-191
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:19:00.328227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:19:08.472Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "My Cloud Home and My Cloud Home Duo",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "9.4.0-191",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "ibi",
"vendor": "SanDisk",
"versions": [
{
"lessThan": "9.4.0-191",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.\u003cp\u003eThis issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.\u003c/p\u003e"
}
],
"value": "An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T22:07:39.132Z",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll devices will be automatically updated to reflect the latest firmware version.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "All devices will be automatically updated to reflect the latest firmware version.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial of Service over OTA mechanism in Western Digital My Cloud Home and ibi devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2022-36329",
"datePublished": "2023-05-10T19:23:29.702Z",
"dateReserved": "2022-07-20T13:57:56.405Z",
"dateUpdated": "2025-01-24T19:19:08.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3698 (GCVE-0-2022-3698)
Vulnerability from cvelistv5 – Published: 2023-10-24 20:40 – Updated: 2024-09-17 14:18
VLAI
Summary
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versions prior to 4.45
that could allow a local user with administrative access to trigger a system crash.
Severity
4.4 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | HardwareScanPlugin |
Affected:
, < 1.3.1.2
(custom)
|
|
| Lenovo | Diagnostics |
Affected:
, < 4.45
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T14:15:51.421963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:18:07.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HardwareScanPlugin ",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.3.1.2",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Diagnostics",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.45",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2\u003c/span\u003e\n\n and\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics versions prior to 4.45\u003c/span\u003e\n\n that could allow a local user with administrative access to trigger a system crash.\u003c/span\u003e\n\n"
}
],
"value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T20:40:56.631Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3698",
"datePublished": "2023-10-24T20:40:56.631Z",
"dateReserved": "2022-10-26T14:17:16.999Z",
"dateUpdated": "2024-09-17T14:18:07.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38100 (GCVE-0-2022-38100)
Vulnerability from cvelistv5 – Published: 2022-09-13 14:54 – Updated: 2025-04-16 16:10
VLAI
Title
Contec Health CMS8000
Summary
The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent that causes a mass denial-of-service attack on all CME8000 devices connected to the same network.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsma-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Contec Health | CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor |
Affected:
All
|
Date Public
2022-09-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:20.725304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:10:19.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor",
"vendor": "Contec Health",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Level Nine reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent that causes a mass denial-of-service attack on all CME8000 devices connected to the same network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T14:54:50.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01"
}
],
"source": {
"advisory": "ICSMA-22-244-01",
"discovery": "EXTERNAL"
},
"title": "Contec Health CMS8000",
"workarounds": [
{
"lang": "en",
"value": "Contec Health has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact Contec Health for additional information.\n\nThe following mitigations could assist in reducing the risk for exploitation of vulnerabilities:\n\nDisabling UART functionality at the CPU level\nEnforcing unique device authentication before granting access to the terminal / bootloader\nWhere possible, enforcing secure boot. \nTamper stickers on the device casing to indicate when a device has been opened"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-09-01T17:00:00.000Z",
"ID": "CVE-2022-38100",
"STATE": "PUBLIC",
"TITLE": "Contec Health CMS8000"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Contec Health"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Level Nine reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent that causes a mass denial-of-service attack on all CME8000 devices connected to the same network."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01"
}
]
},
"source": {
"advisory": "ICSMA-22-244-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Contec Health has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact Contec Health for additional information.\n\nThe following mitigations could assist in reducing the risk for exploitation of vulnerabilities:\n\nDisabling UART functionality at the CPU level\nEnforcing unique device authentication before granting access to the terminal / bootloader\nWhere possible, enforcing secure boot. \nTamper stickers on the device casing to indicate when a device has been opened"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-38100",
"datePublished": "2022-09-13T14:54:50.356Z",
"dateReserved": "2022-08-29T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:10:19.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38371 (GCVE-0-2022-38371)
Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2025-05-13 09:38
VLAI
Summary
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC00-U (All versions >= V2.3 < V6.30.37), Desigo PXC001-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC100-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC12-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC128-U (All versions >= V2.3 < V6.30.37), Desigo PXC200-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC22-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC50-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC64-U (All versions >= V2.3 < V6.30.37), Desigo PXM20-E (All versions >= V2.3 < V6.30.37), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.
Severity
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
28 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | APOGEE MBC (PPC) (BACnet) |
Affected:
All versions
|
|
| Siemens | APOGEE MBC (PPC) (P2 Ethernet) |
Affected:
All versions
|
|
| Siemens | APOGEE MEC (PPC) (BACnet) |
Affected:
All versions
|
|
| Siemens | APOGEE MEC (PPC) (P2 Ethernet) |
Affected:
All versions
|
|
| Siemens | APOGEE PXC Compact (BACnet) |
Affected:
0 , < V3.5.7
(custom)
|
|
| Siemens | APOGEE PXC Compact (P2 Ethernet) |
Affected:
0 , < V2.8.21
(custom)
|
|
| Siemens | APOGEE PXC Modular (BACnet) |
Affected:
0 , < V3.5.7
(custom)
|
|
| Siemens | APOGEE PXC Modular (P2 Ethernet) |
Affected:
0 , < V2.8.21
(custom)
|
|
| Siemens | Desigo PXC00-E.D |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Desigo PXC00-U |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Desigo PXC001-E.D |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Desigo PXC100-E.D |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Desigo PXC12-E.D |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Desigo PXC128-U |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Desigo PXC200-E.D |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Desigo PXC22-E.D |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Desigo PXC22.1-E.D |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Desigo PXC36.1-E.D |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Desigo PXC50-E.D |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Desigo PXC64-U |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Desigo PXM20-E |
Affected:
V2.3 , < V6.30.37
(custom)
|
|
| Siemens | Nucleus NET for Nucleus PLUS V1 |
Affected:
All versions < V5.2a
|
|
| Siemens | Nucleus NET for Nucleus PLUS V2 |
Affected:
All versions < V5.4
|
|
| Siemens | Nucleus ReadyStart V3 V2012 |
Affected:
All versions < V2012.08.1
|
|
| Siemens | Nucleus ReadyStart V3 V2017 |
Affected:
All versions < V2017.02.4
|
|
| Siemens | Nucleus Source Code |
Affected:
0 , < *
(custom)
|
|
| Siemens | TALON TC Compact (BACnet) |
Affected:
0 , < V3.5.7
(custom)
|
|
| Siemens | TALON TC Modular (BACnet) |
Affected:
0 , < V3.5.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-935500.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-313313.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T18:15:00.675232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:53:27.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "APOGEE MBC (PPC) (BACnet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "APOGEE MBC (PPC) (P2 Ethernet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "APOGEE MEC (PPC) (BACnet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "APOGEE MEC (PPC) (P2 Ethernet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "APOGEE PXC Compact (BACnet)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.5.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "APOGEE PXC Compact (P2 Ethernet)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.8.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "APOGEE PXC Modular (BACnet)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.5.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "APOGEE PXC Modular (P2 Ethernet)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.8.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC00-E.D",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC00-U",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC001-E.D",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC100-E.D",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC12-E.D",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC128-U",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC200-E.D",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC22-E.D",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC22.1-E.D",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC36.1-E.D",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC50-E.D",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC64-U",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXM20-E",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.30.37",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Nucleus NET for Nucleus PLUS V1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Nucleus NET for Nucleus PLUS V2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.4"
}
]
},
{
"defaultStatus": "unknown",
"product": "Nucleus ReadyStart V3 V2012",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2012.08.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "Nucleus ReadyStart V3 V2017",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2017.02.4"
}
]
},
{
"defaultStatus": "unknown",
"product": "Nucleus Source Code",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TALON TC Compact (BACnet)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.5.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TALON TC Modular (BACnet)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.5.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.21), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.21), Desigo PXC00-E.D (All versions \u003e= V2.3 \u003c V6.30.37), Desigo PXC00-U (All versions \u003e= V2.3 \u003c V6.30.37), Desigo PXC001-E.D (All versions \u003e= V2.3 \u003c V6.30.37), Desigo PXC100-E.D (All versions \u003e= V2.3 \u003c V6.30.37), Desigo PXC12-E.D (All versions \u003e= V2.3 \u003c V6.30.37), Desigo PXC128-U (All versions \u003e= V2.3 \u003c V6.30.37), Desigo PXC200-E.D (All versions \u003e= V2.3 \u003c V6.30.37), Desigo PXC22-E.D (All versions \u003e= V2.3 \u003c V6.30.37), Desigo PXC22.1-E.D (All versions \u003e= V2.3 \u003c V6.30.37), Desigo PXC36.1-E.D (All versions \u003e= V2.3 \u003c V6.30.37), Desigo PXC50-E.D (All versions \u003e= V2.3 \u003c V6.30.37), Desigo PXC64-U (All versions \u003e= V2.3 \u003c V6.30.37), Desigo PXM20-E (All versions \u003e= V2.3 \u003c V6.30.37), Nucleus NET for Nucleus PLUS V1 (All versions \u003c V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions \u003c V5.4), Nucleus ReadyStart V3 V2012 (All versions \u003c V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions \u003c V3.5.7), TALON TC Modular (BACnet) (All versions \u003c V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T09:38:10.488Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-935500.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-313313.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-38371",
"datePublished": "2022-10-11T00:00:00.000Z",
"dateReserved": "2022-08-16T00:00:00.000Z",
"dateUpdated": "2025-05-13T09:38:10.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38677 (GCVE-0-2022-38677)
Vulnerability from cvelistv5 – Published: 2022-10-14 00:00 – Updated: 2025-05-15 14:18
VLAI
Summary
In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed.
Severity
5.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Affected:
Android10/Android11/Android12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-38677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T14:17:35.581089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T14:18:06.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android10/Android11/Android12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-14T00:00:00.000Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2022-38677",
"datePublished": "2022-10-14T00:00:00.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2025-05-15T14:18:06.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38679 (GCVE-0-2022-38679)
Vulnerability from cvelistv5 – Published: 2022-10-14 00:00 – Updated: 2025-05-15 14:16
VLAI
Summary
In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed.
Severity
5.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Affected:
Android10/Android11/Android12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-38679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T14:15:57.729568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T14:16:44.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android10/Android11/Android12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-14T00:00:00.000Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2022-38679",
"datePublished": "2022-10-14T00:00:00.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2025-05-15T14:16:44.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38687 (GCVE-0-2022-38687)
Vulnerability from cvelistv5 – Published: 2022-10-14 00:00 – Updated: 2025-05-15 14:15
VLAI
Summary
In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed.
Severity
5.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Affected:
Android10/Android11/Android12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-38687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T14:13:25.964149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T14:15:02.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android10/Android11/Android12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-14T00:00:00.000Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2022-38687",
"datePublished": "2022-10-14T00:00:00.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2025-05-15T14:15:02.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39123 (GCVE-0-2022-39123)
Vulnerability from cvelistv5 – Published: 2022-10-14 00:00 – Updated: 2025-05-14 15:46
VLAI
Summary
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
Severity
5.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Affected:
Android10/Android11/Android12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-39123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T15:45:30.113671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T15:46:00.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android10/Android11/Android12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-14T00:00:00.000Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2022-39123",
"datePublished": "2022-10-14T00:00:00.000Z",
"dateReserved": "2022-09-01T00:00:00.000Z",
"dateUpdated": "2025-05-14T15:46:00.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
Phase: Architecture and Design
Description:
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that protocols have specific limits of scale placed on them.
Mitigation
Phase: Implementation
Description:
- Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.