Search

Find a vulnerability

Search criteria

    98 vulnerabilities

    CVE-2026-7891 (GCVE-0-2026-7891)

    Vulnerability from cvelistv5 – Published: 2026-05-07 21:07 – Updated: 2026-07-07 13:59
    VLAI
    Summary
    The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights are explicitly configured on that role. Anonymous users are required to make a Mendix Entity available publicly. All versions of Mendix Studio Pro up to 11.8.0 Beta silently make an Anonymous user role follow user inheritance rules, without mentioning this explicitly in the documentation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-277 - Insecure inherited permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    DIVD VerySecureApp Affected: 0 , ≤ 1.1.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7891",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T13:45:32.114033Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T13:59:58.347Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VerySecureApp",
              "vendor": "DIVD",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003e\u003cspan\u003eAnonymous user must be added with Anonymous user roles\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "*  Anonymous user must be added with Anonymous user roles"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights are explicitly configured on that role. Anonymous users are required to make a Mendix Entity available publicly. All versions of Mendix Studio Pro up to 11.8.0 Beta silently make an Anonymous user role follow user inheritance rules, without mentioning this explicitly in the documentation.\u0026nbsp;"
                }
              ],
              "value": "The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights are explicitly configured on that role. Anonymous users are required to make a Mendix Entity available publicly. All versions of Mendix Studio Pro up to 11.8.0 Beta silently make an Anonymous user role follow user inheritance rules, without mentioning this explicitly in the documentation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "ATTACKED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-277",
                  "description": "CWE-277 Insecure inherited permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:44:46.577Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2026-00006/"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://www.divd.nl/mendix.html"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2026-7891",
        "datePublished": "2026-05-07T21:07:22.206Z",
        "dateReserved": "2026-05-05T21:09:08.070Z",
        "dateUpdated": "2026-07-07T13:59:58.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36747 (GCVE-0-2025-36747)

    Vulnerability from cvelistv5 – Published: 2025-12-13 08:16 – Updated: 2025-12-16 11:02
    VLAI
    Title
    Hardcoded FTP Credentials within the firmware
    Summary
    ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmware signature verification is not enforced.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36747/ third-party-advisory
    Impacted products
    Vendor Product Version
    Growatt ShineLan-X Affected: 3.6.0.0 , ≤ 3.6.0.2 (semver)
    Create a notification for this product.
    Credits
    Hamid Rahmouni & Akram Hamdi Victor Pasman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36747",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:30:04.724934Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:33:08.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ShineLan-X",
              "vendor": "Growatt",
              "versions": [
                {
                  "lessThanOrEqual": "3.6.0.2",
                  "status": "affected",
                  "version": "3.6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hamid Rahmouni \u0026 Akram Hamdi"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Victor Pasman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmware signature verification is not enforced."
                }
              ],
              "value": "ShineLan-X contains\u00a0a set of credentials for an FTP server was found within the firmware, allowing\u00a0testers to establish an insecure FTP connection with the server.\u00a0This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the\u00a0firmware signature verification is not enforced."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T11:02:11.957Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36747/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Hardcoded FTP Credentials within the firmware",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36747",
        "datePublished": "2025-12-13T08:16:25.804Z",
        "dateReserved": "2025-04-15T21:54:36.813Z",
        "dateUpdated": "2025-12-16T11:02:11.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36752 (GCVE-0-2025-36752)

    Vulnerability from cvelistv5 – Published: 2025-12-13 08:16 – Updated: 2026-01-07 14:43
    VLAI
    Title
    Undocumented backup Account and No Password Configuration Capability
    Summary
    Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36752/ third-party-advisory
    Impacted products
    Vendor Product Version
    Growatt ShineLan-X Affected: 3.6.0.0 , ≤ 3.6.0.2 (semver)
    Create a notification for this product.
    Credits
    Hamid Rahmouni Victor Pasman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36752",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:30:07.908768Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:33:13.864Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ShineLan-X",
              "vendor": "Growatt",
              "versions": [
                {
                  "lessThanOrEqual": "3.6.0.2",
                  "status": "affected",
                  "version": "3.6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hamid Rahmouni"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Victor Pasman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented\u00a0credentials\u00a0which\u00a0allows significant level access to the device, such as\u00a0allowing any attacker to access the Setting\u00a0Center. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle."
                }
              ],
              "value": "Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented\u00a0credentials\u00a0which\u00a0allows significant level access to the device, such as\u00a0allowing any attacker to access the Setting\u00a0Center. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-07T14:43:33.184Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36752/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Undocumented backup Account and No Password Configuration Capability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36752",
        "datePublished": "2025-12-13T08:16:25.088Z",
        "dateReserved": "2025-04-15T21:54:36.815Z",
        "dateUpdated": "2026-01-07T14:43:33.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36754 (GCVE-0-2025-36754)

    Vulnerability from cvelistv5 – Published: 2025-12-13 08:16 – Updated: 2025-12-16 11:02
    VLAI
    Title
    Authentication bypass on web interface
    Summary
    The authentication mechanism on web interface is not properly implemented. It is possible to bypass authentication checks by crafting a post request with new settings since there is no session token or authentication in place. This would allow an attacker for instance to point the device to an arbitrary address for domain name resolution to e.g. facililitate a man-in-the-middle (MitM) attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36754/ third-party-advisory
    Impacted products
    Vendor Product Version
    Growatt ShineLan-X Affected: 3.6.0.0 , ≤ 3.6.0.2 (semver)
    Create a notification for this product.
    Credits
    Hamid Rahmouni Victor Pasman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36754",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:27:48.035651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:33:19.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ShineLan-X",
              "vendor": "Growatt",
              "versions": [
                {
                  "lessThanOrEqual": "3.6.0.2",
                  "status": "affected",
                  "version": "3.6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hamid Rahmouni"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Victor Pasman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The authentication mechanism on web interface is not properly implemented. It is\u00a0possible to bypass authentication checks by crafting a post request with new settings\u00a0since there is no session token or authentication in place. This would allow an\u00a0attacker for instance to point the device to an arbitrary address for domain name resolution to e.g. facililitate a man-in-the-middle (MitM) attack."
                }
              ],
              "value": "The authentication mechanism on web interface is not properly implemented. It is\u00a0possible to bypass authentication checks by crafting a post request with new settings\u00a0since there is no session token or authentication in place. This would allow an\u00a0attacker for instance to point the device to an arbitrary address for domain name resolution to e.g. facililitate a man-in-the-middle (MitM) attack."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T11:02:11.379Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36754/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authentication bypass on web interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36754",
        "datePublished": "2025-12-13T08:16:24.266Z",
        "dateReserved": "2025-04-15T21:54:36.815Z",
        "dateUpdated": "2025-12-16T11:02:11.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36748 (GCVE-0-2025-36748)

    Vulnerability from cvelistv5 – Published: 2025-12-13 08:16 – Updated: 2025-12-16 11:02
    VLAI
    Title
    Stored Cross-Site Scripting (XSS) vulnerability in Growatt ShineLan-X
    Summary
    ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36748/ third-party-advisory
    Impacted products
    Vendor Product Version
    Growatt ShineLan-X Affected: 3.6.0.0 , ≤ 3.6.0.2 (semver)
    Create a notification for this product.
    Credits
    Hamid Rahmouni Victor Pasman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36748",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:27:50.124259Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:33:24.697Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ShineLan-X",
              "vendor": "Growatt",
              "versions": [
                {
                  "lessThanOrEqual": "3.6.0.2",
                  "status": "affected",
                  "version": "3.6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hamid Rahmouni"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Victor Pasman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ShineLan-X contains\u00a0a stored cross site scripting (XSS) vulnerability in the local configuration\u00a0web server. The JavaScript code snippet can be inserted\u00a0in the communication module\u2019s settings center. This may allow attackers to force a\u00a0legitimate user\u2019s browser\u2019s JavaScript engine to run malicious code."
                }
              ],
              "value": "ShineLan-X contains\u00a0a stored cross site scripting (XSS) vulnerability in the local configuration\u00a0web server. The JavaScript code snippet can be inserted\u00a0in the communication module\u2019s settings center. This may allow attackers to force a\u00a0legitimate user\u2019s browser\u2019s JavaScript engine to run malicious code."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-441",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-441 Malicious Logic Insertion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T11:02:11.082Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36748/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-Site Scripting (XSS) vulnerability in Growatt ShineLan-X",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36748",
        "datePublished": "2025-12-13T08:16:23.523Z",
        "dateReserved": "2025-04-15T21:54:36.814Z",
        "dateUpdated": "2025-12-16T11:02:11.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36750 (GCVE-0-2025-36750)

    Vulnerability from cvelistv5 – Published: 2025-12-13 08:16 – Updated: 2025-12-16 11:02
    VLAI
    Title
    Stored cross site scripting (XSS) vulnerability in Growatt ShineLan-X
    Summary
    ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36750/ third-party-advisory
    Impacted products
    Vendor Product Version
    Growatt ShineLan-X Affected: 3.6.0.0 , ≤ 3.6.0.2 (semver)
    Create a notification for this product.
    Credits
    Hamid Rahmouni & Akram Hamdi Victor Pasman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36750",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:27:52.349069Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:33:30.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ShineLan-X",
              "vendor": "Growatt",
              "versions": [
                {
                  "lessThanOrEqual": "3.6.0.2",
                  "status": "affected",
                  "version": "3.6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hamid Rahmouni \u0026 Akram Hamdi"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Victor Pasman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ShineLan-X contains\u00a0a stored cross site scripting (XSS) vulnerability in the\u00a0Plant Name field. A HTML payload\u00a0will be displayed on the plant management page via a direct post.\u00a0This may allow attackers to force a\u00a0legitimate user\u2019s browser\u2019s JavaScript engine to run malicious code."
                }
              ],
              "value": "ShineLan-X contains\u00a0a stored cross site scripting (XSS) vulnerability in the\u00a0Plant Name field. A HTML payload\u00a0will be displayed on the plant management page via a direct post.\u00a0This may allow attackers to force a\u00a0legitimate user\u2019s browser\u2019s JavaScript engine to run malicious code."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-441",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-441 Malicious Logic Insertion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T11:02:10.775Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36750/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored cross site scripting (XSS) vulnerability in Growatt ShineLan-X",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36750",
        "datePublished": "2025-12-13T08:16:22.832Z",
        "dateReserved": "2025-04-15T21:54:36.814Z",
        "dateUpdated": "2025-12-16T11:02:10.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36753 (GCVE-0-2025-36753)

    Vulnerability from cvelistv5 – Published: 2025-12-13 08:16 – Updated: 2025-12-16 11:02
    VLAI
    Title
    SWD Interface Open on Growatt ShineLan-X
    Summary
    The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36753/ third-party-advisory
    Impacted products
    Vendor Product Version
    Growatt ShineLan-X Affected: 3.6.0.0 , ≤ 3.6.0.2 (semver)
    Create a notification for this product.
    Credits
    Hamid Rahmouni Victor Pasman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36753",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:30:10.184437Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:33:36.139Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ShineLan-X",
              "vendor": "Growatt",
              "versions": [
                {
                  "lessThanOrEqual": "3.6.0.2",
                  "status": "affected",
                  "version": "3.6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hamid Rahmouni"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Victor Pasman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device."
                }
              ],
              "value": "The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T11:02:10.315Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36753/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SWD Interface Open on Growatt ShineLan-X",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36753",
        "datePublished": "2025-12-13T08:16:22.056Z",
        "dateReserved": "2025-04-15T21:54:36.815Z",
        "dateUpdated": "2025-12-16T11:02:10.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36751 (GCVE-0-2025-36751)

    Vulnerability from cvelistv5 – Published: 2025-12-13 08:16 – Updated: 2025-12-16 11:02
    VLAI
    Title
    Missing encryption on Local Configuration Interface or Cloud Endpoint Communication - Growatt MIC3300TL-X and ShineLan-X
    Summary
    Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36751/ third-party-advisory
    Impacted products
    Vendor Product Version
    Growatt ShineLan-X Affected: 3.6.0.0 , ≤ 3.6.0.2 (semver)
    Create a notification for this product.
    Credits
    Alexandros Tokatlis Victor Pasman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36751",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:30:12.399256Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:33:42.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ShineLan-X",
              "vendor": "Growatt",
              "versions": [
                {
                  "lessThanOrEqual": "3.6.0.2",
                  "status": "affected",
                  "version": "3.6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexandros Tokatlis"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Victor Pasman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Encryption is missing on the configuration interface for Growatt\u00a0ShineLan-X and\u00a0MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint."
                }
              ],
              "value": "Encryption is missing on the configuration interface for Growatt\u00a0ShineLan-X and\u00a0MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-176",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-176 Configuration/Environment Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T11:02:09.858Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36751/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Missing encryption on Local Configuration Interface or Cloud Endpoint Communication - Growatt MIC3300TL-X and ShineLan-X",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36751",
        "datePublished": "2025-12-13T08:16:21.309Z",
        "dateReserved": "2025-04-15T21:54:36.814Z",
        "dateUpdated": "2025-12-16T11:02:09.858Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36746 (GCVE-0-2025-36746)

    Vulnerability from cvelistv5 – Published: 2025-12-12 15:05 – Updated: 2026-01-06 11:15 Exclusively Hosted Service
    VLAI
    Title
    SolarEdge Monitoring Platform contains a XSS upon report deletion
    Summary
    SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36746 third-party-advisory
    https://csirt.divd.nl/DIVD-2025-00022/ third-party-advisory
    Impacted products
    Credits
    Akram Hamdi (ENCS) Victor Pasman (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T20:26:40.081674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T20:26:51.359Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SolarEdge Monitoring platform (SaaS)",
              "vendor": "SolarEdge",
              "versions": [
                {
                  "status": "affected",
                  "version": "unkown"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Akram Hamdi (ENCS)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Victor Pasman (DIVD)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SolarEdge monitoring platform contains a Cross\u2011Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim\u2019s browser during a deletion attempt.\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cbr\u003e"
                }
              ],
              "value": "SolarEdge monitoring platform contains a Cross\u2011Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim\u2019s browser during a deletion attempt."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-121",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/AU:N/V:D",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T11:15:15.879Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36746"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00022/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "exclusively-hosted-service"
          ],
          "title": "SolarEdge Monitoring Platform contains a XSS upon report deletion",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36746",
        "datePublished": "2025-12-12T15:05:40.479Z",
        "dateReserved": "2025-04-15T21:54:36.813Z",
        "dateUpdated": "2026-01-06T11:15:15.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36743 (GCVE-0-2025-36743)

    Vulnerability from cvelistv5 – Published: 2025-12-12 15:05 – Updated: 2026-01-06 11:15
    VLAI
    Title
    SolarEdge SE3680H - Exposed Debug interface
    Summary
    SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE‑1191 — On‑Chip Debug and Test Interface With Improper Access Control
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36743 third-party-advisory
    https://csirt.divd.nl/DIVD-2025-00022/ third-party-advisory
    Impacted products
    Vendor Product Version
    SolarEdge SE3680H Affected: 4.0 , < 4.22 (semver)
    Create a notification for this product.
    Credits
    Hamid Rahmouni (ENCS) Victor Pasman (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36743",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T19:28:00.733714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T19:28:13.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SE3680H",
              "vendor": "SolarEdge",
              "versions": [
                {
                  "lessThan": "4.22",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hamid Rahmouni (ENCS)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Victor Pasman (DIVD)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands."
                }
              ],
              "value": "SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-121",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-121 Exploit Non-Production Interfaces"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE\u20111191 \u2014 On\u2011Chip Debug and Test Interface With Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T11:15:14.682Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36743"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00022/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SolarEdge SE3680H - Exposed Debug interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36743",
        "datePublished": "2025-12-12T15:05:39.756Z",
        "dateReserved": "2025-04-15T21:54:36.813Z",
        "dateUpdated": "2026-01-06T11:15:14.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36744 (GCVE-0-2025-36744)

    Vulnerability from cvelistv5 – Published: 2025-12-12 15:05 – Updated: 2025-12-12 19:31
    VLAI
    Title
    SolarEdge SE3680H - Information Exposure during Bootloader Loop
    Summary
    SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output this behavior can leak operating system information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1295 - Debug Messages Revealing Unnecessary Information
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36744 third-party-advisory
    https://csirt.divd.nl/DIVD-2025-00022/ third-party-advisory
    Impacted products
    Vendor Product Version
    SolarEdge SE3680H Affected: 4.0 , < 4.22 (semver)
    Create a notification for this product.
    Credits
    Alexandros Tokatlis (ENCS) Victor Pasman (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36744",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-12T19:31:06.783164Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-12T19:31:36.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SE3680H",
              "vendor": "SolarEdge",
              "versions": [
                {
                  "lessThan": "4.22",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexandros Tokatlis (ENCS)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Victor Pasman (DIVD)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output this behavior can leak operating system information.\u003cbr\u003e"
                }
              ],
              "value": "SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output this behavior can leak operating system information."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-121",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-1295: Debug Messages Revealing Unnecessary Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-12T15:05:39.214Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36744"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00022/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SolarEdge SE3680H - Information Exposure during Bootloader Loop",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36744",
        "datePublished": "2025-12-12T15:05:39.214Z",
        "dateReserved": "2025-04-15T21:54:36.813Z",
        "dateUpdated": "2025-12-12T19:31:36.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36745 (GCVE-0-2025-36745)

    Vulnerability from cvelistv5 – Published: 2025-12-12 15:05 – Updated: 2025-12-12 19:33
    VLAI
    Title
    SolarEdge SE3680H contains Linux Kernel vulnerabilities
    Summary
    SolarEdge SE3680H  ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36745 third-party-advisory
    https://csirt.divd.nl/DIVD-2025-00022/ third-party-advisory
    Impacted products
    Vendor Product Version
    SolarEdge SE3680H Affected: 4.0 , < 4.22 (semver)
    Create a notification for this product.
    Credits
    Alexandros Tokatlis (ENCS) Victor Pasman (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-12T19:33:07.241801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-12T19:33:31.099Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SE3680H",
              "vendor": "SolarEdge",
              "versions": [
                {
                  "lessThan": "4.22",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexandros Tokatlis (ENCS)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Victor Pasman (DIVD)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SolarEdge SE3680H\u0026nbsp; ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cbr\u003e"
                }
              ],
              "value": "SolarEdge SE3680H\u00a0 ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            },
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:N/V:D",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-1104 \u2014 Use of Unmaintained Third Party Components",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-12T15:05:38.582Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36745"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00022/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SolarEdge SE3680H contains Linux Kernel vulnerabilities",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36745",
        "datePublished": "2025-12-12T15:05:38.582Z",
        "dateReserved": "2025-04-15T21:54:36.813Z",
        "dateUpdated": "2025-12-12T19:33:31.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36755 (GCVE-0-2025-36755)

    Vulnerability from cvelistv5 – Published: 2025-12-12 14:58 – Updated: 2025-12-13 08:16
    VLAI
    Title
    CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard
    Summary
    The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1244 - Internal Asset Exposed to Unsafe Debug Access Level or State
    • CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-5743/ third-party-advisory
    https://csirt.divd.nl/DIVD-2025-00043 third-party-advisory
    Impacted products
    Vendor Product Version
    CleverDisplay B.V. BlueOne (CleverDisplay Hardware Player) Affected: 12.11.1 (semver)
    Unaffected: 12.12.1 , ≤ * (semver)
    Create a notification for this product.
    Date Public
    2025-08-09 16:00
    Credits
    Alwin Warringa, Tom Dantuma, Ruben Meeuwissen, and Ramon Dunker. Dennis Kussendrager (DIVD) Victor Pasman (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36755",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-12T18:50:02.532239Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-12T18:50:19.575Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Enclosure / USB keyboard interface / BIOS \u0026 GRUB boot process"
              ],
              "product": "BlueOne (CleverDisplay Hardware Player)",
              "vendor": "CleverDisplay B.V.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "12.12.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alwin Warringa, Tom Dantuma, Ruben Meeuwissen, and Ramon Dunker."
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Dennis Kussendrager (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Victor Pasman  (DIVD)"
            }
          ],
          "datePublic": "2025-08-09T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device\u2019s protective enclosure, it was possible to connect a USB keyboard and press \u003cstrong\u003eESC\u003c/strong\u003e during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations."
                }
              ],
              "value": "The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device\u2019s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Proof-of-concept demonstrated by researchers at WHY2025; exploitation confirmed limited to BIOS access without ability to modify settings.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Proof-of-concept demonstrated by researchers at WHY2025; exploitation confirmed limited to BIOS access without ability to modify settings."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-522",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-522 Malicious Hardware Component Replacement"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "NOT_DEFINED",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/V:D/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1244",
                  "description": "CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-1191",
                  "description": "CWE-1191: On-Chip Debug and Test Interface With Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-13T08:16:14.495Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-5743/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00043"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BlueOne firmware version 12.2.1 introduces default BIOS password protection and Secure Boot enablement, preventing unauthorized BIOS access."
                }
              ],
              "value": "BlueOne firmware version 12.2.1 introduces default BIOS password protection and Secure Boot enablement, preventing unauthorized BIOS access."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36755",
        "datePublished": "2025-12-12T14:58:22.970Z",
        "dateReserved": "2025-04-15T21:54:36.815Z",
        "dateUpdated": "2025-12-13T08:16:14.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36759 (GCVE-0-2025-36759)

    Vulnerability from cvelistv5 – Published: 2025-09-10 08:50 – Updated: 2025-09-10 18:38 Exclusively Hosted Service
    VLAI
    Title
    Sensitive Information Disclosure in SolaX Cloud
    Summary
    Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36759 third-party-advisory
    https://csirt.divd.nl/DIVD-2025-00015 third-party-advisory
    Impacted products
    Vendor Product Version
    SolaX Power SolaX Cloud Affected: before 27-06-2025
    Create a notification for this product.
    Credits
    Humza Ahmad Max van der Horst
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36759",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T18:19:48.772755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T18:38:08.524Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SolaX Cloud",
              "vendor": "SolaX Power",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 27-06-2025"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Humza Ahmad"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Max van der Horst"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers."
                }
              ],
              "value": "Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-10T08:50:56.409Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36759"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00015"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "exclusively-hosted-service"
          ],
          "title": "Sensitive Information Disclosure in SolaX Cloud",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36759",
        "datePublished": "2025-09-10T08:50:56.409Z",
        "dateReserved": "2025-04-15T21:54:36.815Z",
        "dateUpdated": "2025-09-10T18:38:08.524Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36757 (GCVE-0-2025-36757)

    Vulnerability from cvelistv5 – Published: 2025-09-10 08:50 – Updated: 2025-09-10 18:50 Exclusively Hosted Service
    VLAI
    Title
    Bypass of administrator login screen in SolaX Cloud
    Summary
    It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36757 third-party-advisory
    https://csirt.divd.nl/DIVD-2025-00015 third-party-advisory
    Impacted products
    Vendor Product Version
    SolaX Power SolaX Cloud Affected: before 27-06-2025
    Create a notification for this product.
    Credits
    Humza Ahmad Max van der Horst
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36757",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T18:50:31.390765Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T18:50:46.301Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SolaX Cloud",
              "vendor": "SolaX Power",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 27-06-2025"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Humza Ahmad"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Max van der Horst"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system."
                }
              ],
              "value": "It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-10T08:50:55.697Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36757"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00015"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "exclusively-hosted-service"
          ],
          "title": "Bypass of administrator login screen in SolaX Cloud",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36757",
        "datePublished": "2025-09-10T08:50:55.697Z",
        "dateReserved": "2025-04-15T21:54:36.815Z",
        "dateUpdated": "2025-09-10T18:50:46.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36758 (GCVE-0-2025-36758)

    Vulnerability from cvelistv5 – Published: 2025-09-10 08:50 – Updated: 2025-09-10 19:13 Exclusively Hosted Service
    VLAI
    Title
    Bypass of bruteforce protection in SolaX Cloud
    Summary
    It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36758 third-party-advisory
    https://csirt.divd.nl/DIVD-2025-00015 third-party-advisory
    Impacted products
    Vendor Product Version
    SolaX Power SolaX Cloud Affected: before 27-06-2025
    Create a notification for this product.
    Credits
    Humza Ahmad Max van der Horst
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36758",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T19:10:33.634349Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T19:13:51.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SolaX Cloud",
              "vendor": "SolaX Power",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 27-06-2025"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Humza Ahmad"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Max van der Horst"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the \u0027Forgot Password\u0027 functionality as an oracle."
                }
              ],
              "value": "It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the \u0027Forgot Password\u0027 functionality as an oracle."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-10T08:50:54.789Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36758"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00015"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "exclusively-hosted-service"
          ],
          "title": "Bypass of bruteforce protection in SolaX Cloud",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36758",
        "datePublished": "2025-09-10T08:50:54.789Z",
        "dateReserved": "2025-04-15T21:54:36.815Z",
        "dateUpdated": "2025-09-10T19:13:51.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36756 (GCVE-0-2025-36756)

    Vulnerability from cvelistv5 – Published: 2025-09-10 08:50 – Updated: 2025-09-10 19:27 Exclusively Hosted Service
    VLAI
    Title
    Device Takeover vulnerability in SolaX Cloud
    Summary
    A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-36756 third-party-advisory
    https://csirt.divd.nl/DIVD-2025-00015 third-party-advisory
    Impacted products
    Vendor Product Version
    SolaX Power SolaX Cloud Affected: before 27-06-2025
    Create a notification for this product.
    Credits
    Humza Ahmad Max van der Horst
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36756",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T19:26:47.173904Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T19:27:07.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SolaX Cloud",
              "vendor": "SolaX Power",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 27-06-2025"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Humza Ahmad"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Max van der Horst"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known."
                }
              ],
              "value": "A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/R:U/V:D",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-10T08:50:53.996Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-36756"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00015"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "exclusively-hosted-service"
          ],
          "title": "Device Takeover vulnerability in SolaX Cloud",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-36756",
        "datePublished": "2025-09-10T08:50:53.996Z",
        "dateReserved": "2025-04-15T21:54:36.815Z",
        "dateUpdated": "2025-09-10T19:27:07.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-29757 (GCVE-0-2025-29757)

    Vulnerability from cvelistv5 – Published: 2025-07-19 05:15 – Updated: 2025-07-22 10:05 Exclusively Hosted Service
    VLAI
    Summary
    An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Growatt https://oss.growatt.com Affected: 0 , < 13 Jun 2025 (date)
    Create a notification for this product.
    Growatt https://server.growatt.com Affected: 0 , < 13 June 2025 (date)
    Create a notification for this product.
    Date Public
    2025-07-09 22:00
    Credits
    Humza Ahmad Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29757",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T15:37:51.011826Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T15:38:13.225Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "https://oss.growatt.com",
              "vendor": "Growatt",
              "versions": [
                {
                  "lessThan": "13 Jun 2025",
                  "status": "affected",
                  "version": "0",
                  "versionType": "date"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "https://server.growatt.com",
              "vendor": "Growatt",
              "versions": [
                {
                  "lessThan": "13 June 2025",
                  "status": "affected",
                  "version": "0",
                  "versionType": "date"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Humza Ahmad"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2025-07-09T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An incorrect authorisation check in the the\u0026nbsp;\u0027plant transfer\u0027 function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account."
                }
              ],
              "value": "An incorrect authorisation check in the the\u00a0\u0027plant transfer\u0027 function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-395",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-395 Bypassing Electronic Locks and Access Controls"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/S:P/V:C",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-22T10:05:55.465Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://server.growatt.com"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://oss.growatt.com"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-29757"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00011"
            }
          ],
          "source": {
            "advisory": "DIVD-2025-00011",
            "discovery": "EXTERNAL"
          },
          "tags": [
            "exclusively-hosted-service"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-29757",
        "datePublished": "2025-07-19T05:15:36.810Z",
        "dateReserved": "2025-03-11T13:40:29.272Z",
        "dateUpdated": "2025-07-22T10:05:55.465Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-29756 (GCVE-0-2025-29756)

    Vulnerability from cvelistv5 – Published: 2025-06-11 08:01 – Updated: 2025-06-23 12:45 Exclusively Hosted Service
    VLAI
    Title
    MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters
    Summary
    SunGrow's back end users system iSolarCloud https://isolarcloud.com  uses an MQTT service to transport data from the user's connected devices to the user's web browser.  The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.  While the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received. An attack with an account on iSolarCloud.com could extract MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic '#' and thus recieve all messages from all connected devices.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-29756 third-party-advisorytechnical-description
    https://csirt.divd.nl/DIVD-2025-00009 third-party-advisory
    https://isolarcloud.com product
    Impacted products
    Vendor Product Version
    SunGrow iSolarCloud Affected: 0 , < 7 June 2025 (custom)
    Create a notification for this product.
    Date Public
    2025-06-08 22:00
    Credits
    Harm van den Brink (DIVD) Frank Breedijk (DIVD) ENCS (https://encs.eu/)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29756",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T13:14:49.544632Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T13:14:59.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "iSolarCloud",
              "vendor": "SunGrow",
              "versions": [
                {
                  "lessThan": "7 June 2025",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Harm van den Brink (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "ENCS (https://encs.eu/)"
            }
          ],
          "datePublic": "2025-06-08T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SunGrow\u0027s back end users system \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://isolarcloud.com\"\u003eiSolarCloud\u003c/a\u003e\u0026nbsp;uses an MQTT service to transport data from the user\u0027s connected devices to the user\u0027s web browser.\u0026nbsp;\u003cbr\u003eThe MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.\u0026nbsp;\u003cbr\u003eWhile the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received.\u003cbr\u003eAn attack with an account on iSolarCloud.com could extract\u0026nbsp;MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic \u0027#\u0027 and thus recieve all messages from all connected devices."
                }
              ],
              "value": "SunGrow\u0027s back end users system  iSolarCloud https://isolarcloud.com \u00a0uses an MQTT service to transport data from the user\u0027s connected devices to the user\u0027s web browser.\u00a0\nThe MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.\u00a0\nWhile the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received.\nAn attack with an account on iSolarCloud.com could extract\u00a0MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic \u0027#\u0027 and thus recieve all messages from all connected devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:Y",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T12:45:06.342Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "technical-description"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-29756"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00009"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://isolarcloud.com"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "iSolarCloud has been patched by SunGrow and the vulnerability is no longer exploitable."
                }
              ],
              "value": "iSolarCloud has been patched by SunGrow and the vulnerability is no longer exploitable."
            }
          ],
          "source": {
            "advisory": "DIVD-2025-00009",
            "discovery": "EXTERNAL"
          },
          "tags": [
            "exclusively-hosted-service"
          ],
          "title": "MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-29756",
        "datePublished": "2025-06-11T08:01:16.794Z",
        "dateReserved": "2025-03-11T13:40:29.272Z",
        "dateUpdated": "2025-06-23T12:45:06.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22371 (GCVE-0-2025-22371)

    Vulnerability from cvelistv5 – Published: 2025-04-14 15:32 – Updated: 2025-04-21 11:43
    VLAI
    Title
    SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in SicommNet BASEC
    Summary
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands.This issue at least affects BASEC for the date of 14 Dec 2021 onwards. It is very likely that this vulnerability has been present in the solution before that. The issue was fixed by SicommNet around 11pm on 16 april 2025 (Eastern Time)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    SicommNet BASEC Affected: 14 Dec 2021 , ≤ 16 April 2025 23:00 EST (custom)
    Unaffected: 16 April 2025 23:00 EST , ≤ * (custom)
    Create a notification for this product.
    Date Public
    2025-04-12 00:00
    Credits
    Jesse Meijer (DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22371",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T15:55:21.888862Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T15:56:47.185Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "SaaS"
              ],
              "product": "BASEC",
              "vendor": "SicommNet",
              "versions": [
                {
                  "lessThanOrEqual": "16 April 2025 23:00 EST",
                  "status": "affected",
                  "version": "14 Dec 2021",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "16 April 2025 23:00 EST",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jesse Meijer (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2025-04-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAuthentication and execute arbitrary SQL commands.\u003c/span\u003e\u003cp\u003eThis issue at least affects BASEC for the date of 14 Dec 2021 onwards. It is very likely that this vulnerability has been present in the solution before that.\u003c/p\u003e\u003cp\u003eThe issue was fixed by SicommNet around 11pm on 16 april 2025 (Eastern Time)\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands.This issue at least affects BASEC for the date of 14 Dec 2021 onwards. It is very likely that this vulnerability has been present in the solution before that.\n\nThe issue was fixed by SicommNet around 11pm on 16 april 2025 (Eastern Time)"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Given that vulnerability has been exposed for over 3 years, users should consider the service and all the data in it as compromised."
                }
              ],
              "value": "Given that vulnerability has been exposed for over 3 years, users should consider the service and all the data in it as compromised."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            },
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:Y/V:C",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-21T11:43:09.671Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://basec.sicomm.net/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00001"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-22371"
            }
          ],
          "source": {
            "advisory": "DIVD-2025-00001",
            "discovery": "INTERNAL"
          },
          "title": "SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in SicommNet BASEC",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-22371",
        "datePublished": "2025-04-14T15:32:49.665Z",
        "dateReserved": "2025-01-03T14:56:05.686Z",
        "dateUpdated": "2025-04-21T11:43:09.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22373 (GCVE-0-2025-22373)

    Vulnerability from cvelistv5 – Published: 2025-04-14 15:32 – Updated: 2025-04-15 10:38
    VLAI
    Title
    XSS, HTML and Style injection on login page
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles This issue affects BASEC: from 14 Dec 2021.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    SicommNet BASEC Affected: 14 Dec 2021 , ≤ * (custom)
    Create a notification for this product.
    Date Public
    2025-04-12 00:00
    Credits
    Jesse Meijer (DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22373",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T16:06:57.312422Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T16:07:41.629Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "SaaS"
              ],
              "product": "BASEC",
              "vendor": "SicommNet",
              "versions": [
                {
                  "lessThanOrEqual": "*",
                  "status": "affected",
                  "version": "14 Dec 2021",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jesse Meijer (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2025-04-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles\u003cp\u003eThis issue affects BASEC: from 14 Dec 2021.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles\nThis issue affects BASEC: from 14 Dec 2021."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Given that vulnerability has been exposed for over 3 years, users should consider the service and all the data in it as compromised."
                }
              ],
              "value": "Given that vulnerability has been exposed for over 3 years, users should consider the service and all the data in it as compromised."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            },
            {
              "capecId": "CAPEC-32",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-32 XSS Through HTTP Query Strings"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/V:C",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-15T10:38:54.463Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://basec.sicomm.net/login/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00001"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-22373"
            }
          ],
          "source": {
            "advisory": "DIVD-2025-00001",
            "discovery": "INTERNAL"
          },
          "title": "XSS, HTML and Style injection on login page",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-22373",
        "datePublished": "2025-04-14T15:32:49.533Z",
        "dateReserved": "2025-01-03T14:56:05.686Z",
        "dateUpdated": "2025-04-15T10:38:54.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22372 (GCVE-0-2025-22372)

    Vulnerability from cvelistv5 – Published: 2025-04-14 15:32 – Updated: 2025-04-15 10:38
    VLAI
    Title
    Insecure password storage in SicommNet BASEC
    Summary
    Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14 Dec 2021.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    SicommNet BASEC Affected: 14 Dec 2021 , ≤ * (custom)
    Create a notification for this product.
    Date Public
    2025-04-12 00:00
    Credits
    Jesse Meijer (DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T16:13:35.134489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T16:16:42.317Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "SaaS"
              ],
              "product": "BASEC",
              "vendor": "SicommNet",
              "versions": [
                {
                  "lessThanOrEqual": "*",
                  "status": "affected",
                  "version": "14 Dec 2021",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jesse Meijer (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2025-04-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery.\u003cbr\u003e\u003cp\u003ePasswords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily.\u003cbr\u003e\u003cbr\u003eThis issue affects BASEC: from 14 Dec 2021.\u003c/p\u003e"
                }
              ],
              "value": "Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery.\nPasswords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily.\n\nThis issue affects BASEC: from 14 Dec 2021."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Given that vulnerability has been exposed for over 3 years, users should consider the service and all the data in it as compromised."
                }
              ],
              "value": "Given that vulnerability has been exposed for over 3 years, users should consider the service and all the data in it as compromised."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-50",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-50 Password Recovery Exploitation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/V:C",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/V:C",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "When combined with CVE-2025-22371"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-15T10:38:53.145Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://basec.sicomm.net/login/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00001"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-22372"
            }
          ],
          "source": {
            "advisory": "DIVD-2025-00001",
            "discovery": "INTERNAL"
          },
          "title": "Insecure password storage in SicommNet BASEC",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-22372",
        "datePublished": "2025-04-14T15:32:49.367Z",
        "dateReserved": "2025-01-03T14:56:05.686Z",
        "dateUpdated": "2025-04-15T10:38:53.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22374 (GCVE-0-2025-22374)

    Vulnerability from cvelistv5 – Published: 2025-04-10 11:02 – Updated: 2025-04-10 13:08
    VLAI
    Title
    SSRF in CyberAudit-Web videx-legacy-ssl
    Summary
    A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to the underlying infrastructure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-22374 third-party-advisory
    https://csirt.divd.nl/DIVD-2024-00043/ third-party-advisory
    Impacted products
    Vendor Product Version
    Videx Inc. CyberAudit-Web Affected: <= 1.1.3
    Create a notification for this product.
    Credits
    Hidde Smit (DIVD) Wietse Boonstra (DIVD) Max van der Horst (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22374",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T13:03:29.298871Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T13:08:07.721Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CyberAudit-Web",
              "vendor": "Videx Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 1.1.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hidde Smit (DIVD)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Wietse Boonstra (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Max van der Horst (DIVD)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx\u2019s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to the underlying infrastructure.\u003c/p\u003e"
                }
              ],
              "value": "A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx\u2019s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to the underlying infrastructure."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664 Server Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N/S:N/AU:Y/R:A/V:D/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-10T11:02:47.109Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-22374"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2024-00043/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "SSRF in CyberAudit-Web videx-legacy-ssl",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-22374",
        "datePublished": "2025-04-10T11:02:47.109Z",
        "dateReserved": "2025-01-03T14:56:05.687Z",
        "dateUpdated": "2025-04-10T13:08:07.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22375 (GCVE-0-2025-22375)

    Vulnerability from cvelistv5 – Published: 2025-04-10 11:02 – Updated: 2025-04-10 13:18
    VLAI
    Title
    Authentication Bypass in CyberAudit-Web
    Summary
    An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact support@videx.com for assistance.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-22375 third-party-advisory
    https://csirt.divd.nl/DIVD-2024-00043/ third-party-advisory
    Impacted products
    Credits
    Hidde Smit (DIVD) Wietse Boonstra (DIVD) Max van der Horst (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22375",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T13:09:37.581013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T13:18:18.627Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CyberAudit-Web",
              "vendor": "Videx Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 9.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hidde Smit (DIVD)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Wietse Boonstra (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Max van der Horst (DIVD)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn authentication bypass vulnerability was found in Videx\u0027s CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact support@videx.com for assistance.\u003c/p\u003e"
                }
              ],
              "value": "An authentication bypass vulnerability was found in Videx\u0027s CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5\u00a0and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact support@videx.com for assistance."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-10T11:02:46.646Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-22375"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2024-00043/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Authentication Bypass in CyberAudit-Web",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-22375",
        "datePublished": "2025-04-10T11:02:46.646Z",
        "dateReserved": "2025-01-03T14:56:05.687Z",
        "dateUpdated": "2025-04-10T13:18:18.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22369 (GCVE-0-2025-22369)

    Vulnerability from cvelistv5 – Published: 2025-03-11 13:40 – Updated: 2025-04-01 04:47
    VLAI
    Title
    Mennekes smart/premium charges systems, Arbitrary file download using ReadFile endpoint
    Summary
    The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mennekes Smart / Premium charging stations Affected: * , < 2.15 (semver)
    Create a notification for this product.
    Date Public
    2025-03-10 14:00
    Credits
    Wilco van Beijnum Harm van den Brink(DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T14:52:14.627801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T14:52:22.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart / Premium charging stations",
              "vendor": "Mennekes",
              "versions": [
                {
                  "lessThan": "2.15",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wilco van Beijnum"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Harm van den Brink(DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2025-03-10T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-597",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-597 Absolute Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-01T04:47:47.988Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-22369"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00003"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.mennekes.nl/fileadmin/MEN-Deutschland/emobility/04_software/06_smart_premium/Release_Notes_for_2.15_06.03.2025.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Mennekes smart/premium charges systems, Arbitrary file download using ReadFile endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-22369",
        "datePublished": "2025-03-11T13:40:24.403Z",
        "dateReserved": "2025-01-03T14:56:05.686Z",
        "dateUpdated": "2025-04-01T04:47:47.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22366 (GCVE-0-2025-22366)

    Vulnerability from cvelistv5 – Published: 2025-03-11 13:40 – Updated: 2025-04-01 04:47
    VLAI
    Title
    Mennekes smart/premium charges systems, Command injection in firmware upgrade
    Summary
    The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-250
    • OWASP-A03
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mennekes Smart / Premium charging stations Affected: * , < 2.15 (semver)
    Create a notification for this product.
    Date Public
    2025-03-10 14:00
    Credits
    Wilco van Beijnum Harm van den Brink(DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22366",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T14:53:28.425309Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T14:53:56.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart / Premium charging stations",
              "vendor": "Mennekes",
              "versions": [
                {
                  "lessThan": "2.15",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wilco van Beijnum"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Harm van den Brink(DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2025-03-10T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/S:N/AU:Y",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "OWASP-A03",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-01T04:47:47.110Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-22366"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00003"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.mennekes.nl/fileadmin/MEN-Deutschland/emobility/04_software/06_smart_premium/Release_Notes_for_2.15_06.03.2025.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Mennekes smart/premium charges systems, Command injection in firmware upgrade",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-22366",
        "datePublished": "2025-03-11T13:40:23.659Z",
        "dateReserved": "2025-01-03T14:56:05.685Z",
        "dateUpdated": "2025-04-01T04:47:47.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22370 (GCVE-0-2025-22370)

    Vulnerability from cvelistv5 – Published: 2025-03-11 13:40 – Updated: 2025-04-01 04:47
    VLAI
    Title
    Mennekes smart/premium charges systems, SQL Injection in web configuration interface
    Summary
    Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    • OWASP-A03
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mennekes Smart / Premium charging stations Affected: * , < 2.15 (semver)
    Create a notification for this product.
    Date Public
    2025-03-10 14:00
    Credits
    Wilco van Beijnum Harm van den Brink(DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22370",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T15:03:05.010221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T15:03:11.787Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart / Premium charging stations",
              "vendor": "Mennekes",
              "versions": [
                {
                  "lessThan": "2.15",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wilco van Beijnum"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Harm van den Brink(DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2025-03-10T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "OWASP-A03",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-01T04:47:46.281Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-22370"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00003"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.mennekes.nl/fileadmin/MEN-Deutschland/emobility/04_software/06_smart_premium/Release_Notes_for_2.15_06.03.2025.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Mennekes smart/premium charges systems, SQL Injection in web configuration interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-22370",
        "datePublished": "2025-03-11T13:40:22.946Z",
        "dateReserved": "2025-01-03T14:56:05.686Z",
        "dateUpdated": "2025-04-01T04:47:46.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22368 (GCVE-0-2025-22368)

    Vulnerability from cvelistv5 – Published: 2025-03-11 13:40 – Updated: 2025-04-01 04:47
    VLAI
    Title
    Mennekes smart/premium charges systems, Command injection in sCU firmware update
    Summary
    The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-250
    • OWASP-A03
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mennekes Smart / Premium charging stations Affected: * , < 2.15 (semver)
    Create a notification for this product.
    Date Public
    2025-03-10 14:00
    Credits
    Wilco van Beijnum Harm van den Brink(DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T15:03:42.139099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T15:03:48.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart / Premium charging stations",
              "vendor": "Mennekes",
              "versions": [
                {
                  "lessThan": "2.15",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wilco van Beijnum"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Harm van den Brink(DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2025-03-10T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/S:N/AU:Y",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "OWASP-A03",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-01T04:47:45.140Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-22368"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00003"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.mennekes.nl/fileadmin/MEN-Deutschland/emobility/04_software/06_smart_premium/Release_Notes_for_2.15_06.03.2025.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Mennekes smart/premium charges systems, Command injection in sCU firmware update",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-22368",
        "datePublished": "2025-03-11T13:40:22.216Z",
        "dateReserved": "2025-01-03T14:56:05.686Z",
        "dateUpdated": "2025-04-01T04:47:45.140Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22367 (GCVE-0-2025-22367)

    Vulnerability from cvelistv5 – Published: 2025-03-11 13:40 – Updated: 2025-04-01 04:47
    VLAI
    Title
    Mennekes smart/premium charges systems, Command injection in time setting
    Summary
    The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-250
    • OWASP-A03
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mennekes Smart / Premium charging stations Affected: * , < 2.15 (semver)
    Create a notification for this product.
    Date Public
    2025-03-10 14:00
    Credits
    Wilco van Beijnum Harm van den Brink(DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T19:23:05.314995Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T19:23:24.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart / Premium charging stations",
              "vendor": "Mennekes",
              "versions": [
                {
                  "lessThan": "2.15",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wilco van Beijnum"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Harm van den Brink(DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2025-03-10T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/S:N/AU:Y",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "OWASP-A03",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-01T04:47:44.127Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-22367"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00003"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.mennekes.nl/fileadmin/MEN-Deutschland/emobility/04_software/06_smart_premium/Release_Notes_for_2.15_06.03.2025.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Mennekes smart/premium charges systems, Command injection in time setting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-22367",
        "datePublished": "2025-03-11T13:40:21.388Z",
        "dateReserved": "2025-01-03T14:56:05.686Z",
        "dateUpdated": "2025-04-01T04:47:44.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43651 (GCVE-0-2024-43651)

    Vulnerability from cvelistv5 – Published: 2025-01-09 07:56 – Updated: 2025-03-11 13:07
    VLAI
    Title
    Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
    Summary
    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC models before version 241207101 Likelihood: Moderate – The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: Any network connection serving the web interface is vulnerable (AV:N) and there are no additional measures to circumvent (AC:L) nor does the attack require special conditions to be present (AT:N). The attack requires authentication, but the level does not matter (PR:L), nor is user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H) and a compromised device can be used to potentially "pivot" into a network that should nopt be reachable (SC:L/SI:L/SA:H). Because this is an EV charger handing significant power, there is a potential safety impact (S:P). THe attack can be autometed (AU:Y).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-250 - Execution with Unnecessary Privileges
    • OWASP-A03: Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Iocharger Iocharger firmware for AC models Affected: 0 , < 24120701 (custom)
    Create a notification for this product.
    Date Public
    2025-01-09 00:00
    Credits
    Wilco van Beijnum Harm van den Brink (DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43651",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-09T15:20:15.887605Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-09T15:21:03.613Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Iocharger firmware for AC models",
              "vendor": "Iocharger",
              "versions": [
                {
                  "lessThan": "24120701",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wilco van Beijnum"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Harm van den Brink (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2025-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability allows OS Command Injection as root\u003cbr\u003eThis issue affects Iocharger firmware for AC models before version 241207101\u003cbr\u003e\u003cbr\u003eLikelihood: Moderate \u2013 The \u0026lt;redacted\u0026gt; binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the \u0026lt;redacted\u0026gt; binary, or convince a user with such access to execute a crafted HTTP request.\u003cbr\u003e\u003cbr\u003eImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.\u003cbr\u003e\u003cbr\u003eCVSS clarification:\u0026nbsp;Any network connection serving the web interface is vulnerable (AV:N) and there are no additional measures to circumvent (AC:L) nor does the attack require special conditions to be present (AT:N). The attack requires authentication, but the level does not matter (PR:L), nor is user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H) and a compromised device can be used to potentially \"pivot\" into a network that should nopt be reachable (SC:L/SI:L/SA:H). Because this is an EV charger handing significant power, there is a potential safety impact (S:P). THe attack can be autometed (AU:Y)."
                }
              ],
              "value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability allows OS Command Injection as root\nThis issue affects Iocharger firmware for AC models before version 241207101\n\nLikelihood: Moderate \u2013 The \u003credacted\u003e binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the \u003credacted\u003e binary, or convince a user with such access to execute a crafted HTTP request.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.\n\nCVSS clarification:\u00a0Any network connection serving the web interface is vulnerable (AV:N) and there are no additional measures to circumvent (AC:L) nor does the attack require special conditions to be present (AT:N). The attack requires authentication, but the level does not matter (PR:L), nor is user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H) and a compromised device can be used to potentially \"pivot\" into a network that should nopt be reachable (SC:L/SI:L/SA:H). Because this is an EV charger handing significant power, there is a potential safety impact (S:P). THe attack can be autometed (AU:Y)."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/S:P/AU:Y",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250: Execution with Unnecessary Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "OWASP-A03: Injection",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T13:07:06.826Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2024-00035/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2024-43651/"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://iocharger.com"
            }
          ],
          "source": {
            "advisory": "DIVD-2024-00035",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated command injection in the \u003credacted\u003e action leads to full remote code execution as root on the charging station",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2024-43651",
        "datePublished": "2025-01-09T07:56:47.394Z",
        "dateReserved": "2024-08-14T09:27:41.767Z",
        "dateUpdated": "2025-03-11T13:07:06.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }