CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2022-31128 (GCVE-0-2022-31128)
Vulnerability from cvelistv5 – Published: 2022-08-01 16:20 – Updated: 2025-04-23 17:56
VLAI
Title
Fine grained permissions are not checked in Tuleap
Summary
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue.
Severity
5.4 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/Enalean/tuleap/security/adviso… | x_refsource_CONFIRM |
| https://github.com/Enalean/tuleap/commit/58ecb1de… | x_refsource_MISC |
| https://tuleap.net/plugins/git/tuleap/tuleap/stab… | x_refsource_MISC |
| https://tuleap.net/plugins/tracker/?aid=27538 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-2p49-vgcx-5w79"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Enalean/tuleap/commit/58ecb1dee1c46075d3e089980301ebfbe0bafd33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=58ecb1dee1c46075d3e089980301ebfbe0bafd33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tuleap.net/plugins/tracker/?aid=27538"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:03:10.394893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:56:59.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tuleap",
"vendor": "Enalean",
"versions": [
{
"status": "affected",
"version": "\u003e= \u003e= 13.9.99.110, \u003c 13.10.99.82"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tuleap is a Free \u0026 Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T16:20:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-2p49-vgcx-5w79"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Enalean/tuleap/commit/58ecb1dee1c46075d3e089980301ebfbe0bafd33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=58ecb1dee1c46075d3e089980301ebfbe0bafd33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tuleap.net/plugins/tracker/?aid=27538"
}
],
"source": {
"advisory": "GHSA-2p49-vgcx-5w79",
"discovery": "UNKNOWN"
},
"title": "Fine grained permissions are not checked in Tuleap",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31128",
"STATE": "PUBLIC",
"TITLE": "Fine grained permissions are not checked in Tuleap"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tuleap",
"version": {
"version_data": [
{
"version_value": "\u003e= \u003e= 13.9.99.110, \u003c 13.10.99.82"
}
]
}
}
]
},
"vendor_name": "Enalean"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tuleap is a Free \u0026 Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-2p49-vgcx-5w79",
"refsource": "CONFIRM",
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-2p49-vgcx-5w79"
},
{
"name": "https://github.com/Enalean/tuleap/commit/58ecb1dee1c46075d3e089980301ebfbe0bafd33",
"refsource": "MISC",
"url": "https://github.com/Enalean/tuleap/commit/58ecb1dee1c46075d3e089980301ebfbe0bafd33"
},
{
"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=58ecb1dee1c46075d3e089980301ebfbe0bafd33",
"refsource": "MISC",
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=58ecb1dee1c46075d3e089980301ebfbe0bafd33"
},
{
"name": "https://tuleap.net/plugins/tracker/?aid=27538",
"refsource": "MISC",
"url": "https://tuleap.net/plugins/tracker/?aid=27538"
}
]
},
"source": {
"advisory": "GHSA-2p49-vgcx-5w79",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31128",
"datePublished": "2022-08-01T16:20:13.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:56:59.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31167 (GCVE-0-2022-31167)
Vulnerability from cvelistv5 – Published: 2022-09-07 13:55 – Updated: 2025-04-22 17:23
VLAI
Title
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
Summary
XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it's possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds.
Severity
7.1 (High)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/… | x_refsource_CONFIRM |
| https://jira.xwiki.org/browse/XWIKI-14075 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-18983 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xwiki | xwiki-platform |
Affected:
>= 5.0, < 12.10.11
Affected: >= 13.0, < 13.4.6 Affected: >= 13.10, < 13.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-14075"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-18983"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31167",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:44:31.372232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:23:53.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0, \u003c 12.10.11"
},
{
"status": "affected",
"version": "\u003e= 13.0, \u003c 13.4.6"
},
{
"status": "affected",
"version": "\u003e= 13.10, \u003c 13.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it\u0027s possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-07T13:55:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-14075"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-18983"
}
],
"source": {
"advisory": "GHSA-gg53-wf5x-r3r6",
"discovery": "UNKNOWN"
},
"title": "XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31167",
"STATE": "PUBLIC",
"TITLE": "XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xwiki-platform",
"version": {
"version_data": [
{
"version_value": "\u003e= 5.0, \u003c 12.10.11"
},
{
"version_value": "\u003e= 13.0, \u003c 13.4.6"
},
{
"version_value": "\u003e= 13.10, \u003c 13.10.1"
}
]
}
}
]
},
"vendor_name": "xwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it\u0027s possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6",
"refsource": "CONFIRM",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-14075",
"refsource": "MISC",
"url": "https://jira.xwiki.org/browse/XWIKI-14075"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-18983",
"refsource": "MISC",
"url": "https://jira.xwiki.org/browse/XWIKI-18983"
}
]
},
"source": {
"advisory": "GHSA-gg53-wf5x-r3r6",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31167",
"datePublished": "2022-09-07T13:55:11.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:23:53.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3124 (GCVE-0-2022-3124)
Vulnerability from cvelistv5 – Published: 2022-10-03 13:45 – Updated: 2024-08-03 01:00
VLAI
Title
Frontend File Manager < 21.3 - Unauthenticated File Renaming
Summary
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/00f76765-95af-4d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Frontend File Manager Plugin |
Affected:
21.3 , < 21.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Frontend File Manager Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "21.3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T13:45:25.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Frontend File Manager \u003c 21.3 - Unauthenticated File Renaming",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-3124",
"STATE": "PUBLIC",
"TITLE": "Frontend File Manager \u003c 21.3 - Unauthenticated File Renaming"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Frontend File Manager Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3124",
"datePublished": "2022-10-03T13:45:25.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31592 (GCVE-0-2022-31592)
Vulnerability from cvelistv5 – Published: 2022-07-12 20:26 – Updated: 2024-08-03 07:19
VLAI
Summary
The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-16… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3196280 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Enterprise Extension Defense Forces & Public Security (EA-DFPS) |
Affected:
605
Affected: 606 Affected: 616 Affected: 617 Affected: 618 Affected: 802 Affected: 803 Affected: 804 Affected: 805 Affected: 806 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3196280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Enterprise Extension Defense Forces \u0026 Public Security (EA-DFPS)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "605"
},
{
"status": "affected",
"version": "606"
},
{
"status": "affected",
"version": "616"
},
{
"status": "affected",
"version": "617"
},
{
"status": "affected",
"version": "618"
},
{
"status": "affected",
"version": "802"
},
{
"status": "affected",
"version": "803"
},
{
"status": "affected",
"version": "804"
},
{
"status": "affected",
"version": "805"
},
{
"status": "affected",
"version": "806"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The application SAP Enterprise Extension Defense Forces \u0026 Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T20:26:34.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3196280"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-31592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Enterprise Extension Defense Forces \u0026 Public Security (EA-DFPS)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "605"
},
{
"version_affected": "=",
"version_value": "606"
},
{
"version_affected": "=",
"version_value": "616"
},
{
"version_affected": "=",
"version_value": "617"
},
{
"version_affected": "=",
"version_value": "618"
},
{
"version_affected": "=",
"version_value": "802"
},
{
"version_affected": "=",
"version_value": "803"
},
{
"version_affected": "=",
"version_value": "804"
},
{
"version_affected": "=",
"version_value": "805"
},
{
"version_affected": "=",
"version_value": "806"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The application SAP Enterprise Extension Defense Forces \u0026 Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3196280",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3196280"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-31592",
"datePublished": "2022-07-12T20:26:34.000Z",
"dateReserved": "2022-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31595 (GCVE-0-2022-31595)
Vulnerability from cvelistv5 – Published: 2022-06-14 18:45 – Updated: 2024-08-03 07:19
VLAI
Summary
SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-16… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3158815 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Financial Consolidation |
Affected:
1010
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3158815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Financial Consolidation",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "1010"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP Financial Consolidation - version 1010,\ufffddoes not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.\u003c/p\u003e"
}
],
"value": "SAP Financial Consolidation - version 1010,\ufffddoes not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T13:02:31.850Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3158815"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-31595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Financial Consolidation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1010"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Financial Consolidation - version 1010,\ufffddoes not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3158815",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3158815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-31595",
"datePublished": "2022-06-14T18:45:56.000Z",
"dateReserved": "2022-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31597 (GCVE-0-2022-31597)
Vulnerability from cvelistv5 – Published: 2022-07-12 20:27 – Updated: 2024-08-03 07:25
VLAI
Summary
Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-16… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3213826 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP S/4HANA |
Affected:
S4CORE 101
Affected: 102 Affected: 103 Affected: 104 Affected: 105 Affected: 106 Affected: SAPSCORE 127 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:25:59.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3213826"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP S/4HANA",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "S4CORE 101"
},
{
"status": "affected",
"version": "102"
},
{
"status": "affected",
"version": "103"
},
{
"status": "affected",
"version": "104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "SAPSCORE 127"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T20:27:00.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3213826"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-31597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP S/4HANA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "S4CORE 101"
},
{
"version_affected": "=",
"version_value": "102"
},
{
"version_affected": "=",
"version_value": "103"
},
{
"version_affected": "=",
"version_value": "104"
},
{
"version_affected": "=",
"version_value": "105"
},
{
"version_affected": "=",
"version_value": "106"
},
{
"version_affected": "=",
"version_value": "SAPSCORE 127"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3213826",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3213826"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-31597",
"datePublished": "2022-07-12T20:27:00.000Z",
"dateReserved": "2022-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:25:59.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31765 (GCVE-0-2022-31765)
Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2026-04-14 08:35
VLAI
Summary
Affected devices do not properly authorize the change password function of the web interface.
This could allow low privileged users to escalate their privileges.
Severity
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
235 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM RM1224 LTE(4G) EU |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | RUGGEDCOM RM1224 LTE(4G) NAM |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M804PB |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M812-1 ADSL-Router |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M812-1 ADSL-Router |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M816-1 ADSL-Router |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M816-1 ADSL-Router |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M826-2 SHDSL-Router |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M874-2 |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M874-3 |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M876-3 |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M876-3 (ROK) |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M876-4 |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M876-4 (EU) |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE M876-4 (NAM) |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (EU) |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (EU) |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (RoW) |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE S615 EEC LAN-Router |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE S615 LAN-Router |
Affected:
0 , < V7.1.2
(custom)
|
|
| Siemens | SCALANCE SC622-2C |
Affected:
All versions < V3.0
|
|
| Siemens | SCALANCE SC632-2C |
Affected:
All versions < V3.0
|
|
| Siemens | SCALANCE SC636-2C |
Affected:
All versions < V3.0
|
|
| Siemens | SCALANCE SC642-2C |
Affected:
All versions < V3.0
|
|
| Siemens | SCALANCE SC646-2C |
Affected:
All versions < V3.0
|
|
| Siemens | SCALANCE W1748-1 M12 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE W1748-1 M12 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE W1788-1 M12 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE W1788-2 EEC M12 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE W1788-2 M12 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE W1788-2IA M12 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE W721-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W721-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W721-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W721-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W722-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W722-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W722-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W722-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W722-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W722-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W734-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W734-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W734-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W734-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W734-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W734-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W734-1 RJ45 (USA) |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W734-1 RJ45 (USA) |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W738-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W738-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W738-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W738-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W748-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W748-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W748-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W748-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W748-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W748-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W748-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W748-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W761-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W761-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W761-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W761-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 M12 EEC |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 M12 EEC |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 M12 EEC |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 M12 EEC |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 RJ45 (USA) |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W774-1 RJ45 (USA) |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W778-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W778-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W778-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W778-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W778-1 M12 EEC |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W778-1 M12 EEC |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W778-1 M12 EEC (USA) |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W778-1 M12 EEC (USA) |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2 SFP |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2 SFP |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2 SFP |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2 SFP |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2IA RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2IA RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2IA RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W786-2IA RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-1 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-1 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 M12 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 M12 EEC |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 M12 EEC |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 M12 EEC |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 M12 EEC |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 M12 EEC |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 M12 EEC |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE W788-2 RJ45 |
Affected:
0 , < V6.6.0
(custom)
|
|
| Siemens | SCALANCE WAM763-1 |
Affected:
All versions < V2.0
|
|
| Siemens | SCALANCE WAM766-1 |
Affected:
All versions < V2.0
|
|
| Siemens | SCALANCE WAM766-1 (US) |
Affected:
All versions < V2.0
|
|
| Siemens | SCALANCE WAM766-1 EEC |
Affected:
All versions < V2.0
|
|
| Siemens | SCALANCE WAM766-1 EEC (US) |
Affected:
All versions < V2.0
|
|
| Siemens | SCALANCE WUM763-1 |
Affected:
All versions < V2.0
|
|
| Siemens | SCALANCE WUM763-1 |
Affected:
All versions < V2.0
|
|
| Siemens | SCALANCE WUM766-1 |
Affected:
All versions < V2.0
|
|
| Siemens | SCALANCE WUM766-1 (USA) |
Affected:
All versions < V2.0
|
|
| Siemens | SCALANCE XB205-3 (SC, PN) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB205-3 (ST, E/IP) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB205-3 (ST, E/IP) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB205-3 (ST, PN) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB205-3LD (SC, E/IP) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB205-3LD (SC, PN) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB208 (E/IP) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB208 (PN) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB213-3 (SC, E/IP) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB213-3 (SC, PN) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB213-3 (ST, E/IP) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB213-3 (ST, PN) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB213-3LD (SC, E/IP) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB213-3LD (SC, PN) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB216 (E/IP) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XB216 (PN) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC206-2 (SC) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC206-2 (ST/BFOC) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC206-2G PoE |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC206-2G PoE (54 V DC) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC206-2G PoE EEC (54 V DC) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC206-2SFP |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC206-2SFP EEC |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC206-2SFP G |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC206-2SFP G (EIP DEF.) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC206-2SFP G EEC |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC208 |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC208EEC |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC208G |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC208G (EIP def.) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC208G EEC |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC208G PoE |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC208G PoE (54 V DC) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC216 |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC216-3G PoE |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC216-3G PoE (54 V DC) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC216-4C |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC216-4C G |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC216-4C G (EIP Def.) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC216-4C G EEC |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC216EEC |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC224 |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC224-4C G |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC224-4C G (EIP Def.) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XC224-4C G EEC |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XF204 |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XF204 DNA |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XF204-2BA |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XF204-2BA DNA |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XM408-4C |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XM408-4C (L3 int.) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XM408-8C |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XM408-8C (L3 int.) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XM416-4C |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XM416-4C (L3 int.) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XP208 |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XP208 (Ethernet/IP) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XP208EEC |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XP208PoE EEC |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XP216 |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XP216 (Ethernet/IP) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XP216EEC |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XP216POE EEC |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XR324WG (24 x FE, AC 230V) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XR324WG (24 X FE, DC 24V) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XR326-2C PoE WG |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XR326-2C PoE WG (without UL) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XR328-4C WG (28xGE, AC 230V) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XR328-4C WG (28xGE, DC 24V) |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SCALANCE XR524-8C, 1x230V |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR524-8C, 1x230V (L3 int.) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR524-8C, 24V |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR524-8C, 24V (L3 int.) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR524-8C, 2x230V |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR524-8C, 2x230V (L3 int.) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR526-8C, 1x230V |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR526-8C, 1x230V (L3 int.) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR526-8C, 24V |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR526-8C, 24V (L3 int.) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR526-8C, 2x230V |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR526-8C, 2x230V (L3 int.) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR528-6M |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR528-6M (2HR2, L3 int.) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR528-6M (2HR2) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR528-6M (L3 int.) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR552-12M |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR552-12M (2HR2, L3 int.) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR552-12M (2HR2) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SCALANCE XR552-12M (2HR2) |
Affected:
0 , < V6.6
(custom)
|
|
| Siemens | SIPLUS NET SCALANCE XC206-2 |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SIPLUS NET SCALANCE XC206-2SFP |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SIPLUS NET SCALANCE XC208 |
Affected:
0 , < V4.4
(custom)
|
|
| Siemens | SIPLUS NET SCALANCE XC216-4C |
Affected:
0 , < V4.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-552702.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:22:51.272836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:48:35.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) EU",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) NAM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M804PB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M826-2 SHDSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3 (ROK)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (NAM)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (RoW)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 EEC LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC622-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC632-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC636-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC642-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC646-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-2 EEC M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-2IA M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (US)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (US)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (USA)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (ST, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (ST, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (ST, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3LD (SC, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3LD (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB208 (E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB208 (PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (SC, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (ST, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (ST, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3LD (SC, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3LD (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB216 (E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB216 (PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2 (SC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2 (ST/BFOC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2G PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2G PoE (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2G PoE EEC (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP G (EIP DEF.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G (EIP def.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G PoE (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-3G PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-3G PoE (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C G (EIP Def.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224-4C G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224-4C G (EIP Def.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224-4C G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204 DNA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA DNA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-4C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-4C (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-8C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-8C (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM416-4C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM416-4C (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208 (Ethernet/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208PoE EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216 (Ethernet/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216POE EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324WG (24 x FE, AC 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324WG (24 X FE, DC 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-2C PoE WG",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-2C PoE WG (without UL)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 1x230V",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 1x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 24V",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 24V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 2x230V",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 2x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 1x230V",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 1x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 24V",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 24V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 2x230V",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 2x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M (2HR2, L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M (2HR2)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M (2HR2, L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M (2HR2)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M (2HR2)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC206-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC206-2SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC216-4C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Affected devices do not properly authorize the change password function of the web interface.\r\nThis could allow low privileged users to escalate their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T08:35:21.893Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-552702.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-552702.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-31765",
"datePublished": "2022-10-11T00:00:00.000Z",
"dateReserved": "2022-05-27T00:00:00.000Z",
"dateUpdated": "2026-04-14T08:35:21.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-3244 (GCVE-0-2022-3244)
Vulnerability from cvelistv5 – Published: 2022-10-17 00:00 – Updated: 2025-05-13 15:55
VLAI
Title
Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation
Summary
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce
Severity
4.2 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Import all XML, CSV & TXT into WordPress |
Affected:
6.5.8 , < 6.5.8
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3244",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T15:54:21.900462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:55:04.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Import all XML, CSV \u0026 TXT into WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.5.8",
"status": "affected",
"version": "6.5.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sanjay Das"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Import all XML, CSV \u0026 TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Import all XML, CSV \u0026 TXT into WordPress \u003c 6.5.8 - Missing Authorisation",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3244",
"datePublished": "2022-10-17T00:00:00.000Z",
"dateReserved": "2022-09-20T00:00:00.000Z",
"dateUpdated": "2025-05-13T15:55:04.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32768 (GCVE-0-2022-32768)
Vulnerability from cvelistv5 – Published: 2022-08-22 18:26 – Updated: 2025-04-15 18:50
VLAI
Summary
Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's streams.
Severity
4.8 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/WWBN/AVideo/blob/e04b1cd7062e1… | x_refsource_CONFIRM |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
Impacted products
Date Public
2022-08-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:44.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-32768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:14:11.615088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:50:44.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AVideo",
"vendor": "WWBN",
"versions": [
{
"status": "affected",
"version": "11.6"
},
{
"status": "affected",
"version": "dev master commit 3f7c0364"
}
]
}
],
"datePublic": "2022-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user\u0027s streams."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T18:26:26.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2022-08-16",
"ID": "CVE-2022-32768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AVideo",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.6"
},
{
"version_affected": "=",
"version_value": "dev master commit 3f7c0364"
}
]
}
}
]
},
"vendor_name": "WWBN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user\u0027s streams."
}
]
},
"impact": {
"cvss": {
"baseScore": 4.8,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql",
"refsource": "CONFIRM",
"url": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-32768",
"datePublished": "2022-08-22T18:26:26.065Z",
"dateReserved": "2022-06-09T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:50:44.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32769 (GCVE-0-2022-32769)
Vulnerability from cvelistv5 – Published: 2022-08-22 18:26 – Updated: 2025-04-15 18:50
VLAI
Summary
Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's playlists.
Severity
4.8 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/WWBN/AVideo/blob/e04b1cd7062e1… | x_refsource_CONFIRM |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
Impacted products
Date Public
2022-08-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:45.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-32769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:14:08.776923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:50:37.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AVideo",
"vendor": "WWBN",
"versions": [
{
"status": "affected",
"version": "11.6"
},
{
"status": "affected",
"version": "dev master commit 3f7c0364"
}
]
}
],
"datePublic": "2022-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user\u0027s playlists."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T18:26:47.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2022-08-16",
"ID": "CVE-2022-32769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AVideo",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.6"
},
{
"version_affected": "=",
"version_value": "dev master commit 3f7c0364"
}
]
}
}
]
},
"vendor_name": "WWBN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user\u0027s playlists."
}
]
},
"impact": {
"cvss": {
"baseScore": 4.8,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql",
"refsource": "CONFIRM",
"url": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-32769",
"datePublished": "2022-08-22T18:26:47.619Z",
"dateReserved": "2022-06-09T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:50:37.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.