Search criteria
17 vulnerabilities found for SCALANCE M-800 by Siemens
VAR-202103-1464
Vulnerability from variot - Updated: 2025-12-22 21:36An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd.
Bug Fix(es):
This update includes various bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Bugs fixed (https://bugzilla.redhat.com/):
1803849 - [RFE] Include per volume encryption with Vault integration in RHCS 4.1
1814681 - [RFE] use topologySpreadConstraints to evenly spread OSDs across hosts
1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability
1850089 - OBC CRD is outdated and leads to missing columns in get queries
1860594 - Toolbox pod should have toleration for OCS tainted nodes
1861104 - OCS podDisruptionBudget prevents successful OCP upgrades
1861878 - [RFE] use appropriate PDB values for OSD
1866301 - [RHOCS Usability Study][Installation] “Create storage cluster” should be a part of the installation flow or need to be emphasized as a crucial step.
1869406 - must-gather should include historical pod logs
1872730 - [RFE][External mode] Re-configure noobaa to use the updated RGW endpoint from the RHCS cluster
1874367 - "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1886112 - log message flood with Reconciling StorageCluster","Request.Namespace":"openshift-storage","Request.Name":"ocs-storagecluster"
1886416 - Uninstall 4.6: ocs-operator logging regarding noobaa-core PVC needs change
1886638 - CVE-2020-8565 kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9
1888839 - Create public route for ceph-rgw service
1892622 - [GSS] Noobaa management dashboard reporting High number of issues when the cluster is in healthy state
1893611 - Skip ceph commands collection attempt if must-gather helper pod is not created
1893613 - must-gather tries to collect ceph commands in external mode when storagecluster already deleted
1893619 - OCS must-gather: Inspect errors for cephobjectoreUser and few ceph commandd when storage cluster does not exist
1894412 - [RFE][External] RGW metrics should be made available even if anything else except 9283 is provided as the monitoring-endpoint-port
1896338 - OCS upgrade from 4.6 to 4.7 build failed
1897246 - OCS - ceph historical logs collection
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1898509 - [Tracker][RHV #1899565] Deployment on RHV/oVirt storage class ovirt-csi-sc failing
1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability
1898808 - Rook-Ceph crash collector pod should not run on non-ocs node
1900711 - [RFE] Alerting for Namespace buckets and resources
1900722 - Failed to init upgrade process on noobaa-core-0
1900749 - Namespace Resource reported as Healthy when target bucket deleted
1900760 - RPC call for Namespace resource creation allows invalid target bucket names
1901134 - OCS - ceph historical logs collection
1902192 - [RFE][External] RGW metrics should be made available even if anything else except 9283 is provided as the monitoring-endpoint-port
1902685 - Too strict Content-Length header check refuses valid upload requests
1902711 - Tracker for Bug #1903078 Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready
1903973 - [Azure][ROKS] Set SSD tuning (tuneFastDeviceClass) as default for OSD devices in Azure/ROKS platform
1903975 - Add "ceph df detail" for ocs must-gather to enable support to debug compression
1904302 - [GSS] ceph_daemon label includes references to a replaced OSD that cause a prometheus ruleset to fail
1904929 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod
1907318 - Unable to deploy & upgrade to ocs 4.7 - missing postgres image reference
1908414 - [GSS][VMWare][ROKS] rgw pods are not showing up in OCS 4.5 - due to pg_limit issue
1908678 - ocs-osd-removal job failed with "Invalid value" error when using multiple ids
1909268 - OCS 4.7 UI install -All OCS operator pods respin after storagecluster creation
1909488 - [NooBaa CLI] CLI status command looks for wrong DB PV name
1909745 - pv-pool backing store name restriction should be at 43 characters
1910705 - OBCs are stuck in a Pending state
1911131 - Bucket stats in the NB dashboard are incorrect
1911266 - Backingstore phase is ready, modecode is INITIALIZING
1911627 - CVE-2020-26289 nodejs-date-and-time: ReDoS in parsing via date.compile
1911789 - Data deduplication does not work properly
1912421 - [RFE] noobaa cli allow the creation of BackingStores with already existing secrets
1912894 - OCS storagecluster is Progressing state and some noobaa pods missing with latest 4.7 build -4.7.0-223.ci and storagecluster reflected as 4.8.0 instead of 4.7.0
1913149 - make must-gather backward compatibility for version <4.6
1913357 - ocs-operator should show error when flexible scaling and arbiter are both enabled at the same time
1914132 - No metrics available in the Object Service Dashboard in OCS 4.7, logs show "failed to retrieve metrics exporter servicemonitor"
1914159 - When OCS was deployed using arbiter mode mon's are going into CLBO state, ceph version = 14.2.11-95
1914215 - must-gather fails to delete the completed state compute-xx-debug pods after successful completion
1915111 - OCS OSD selection algorithm is making some strange choices.
1915261 - Deleted MCG CRs are stuck in a 'Deleting' state
1915445 - Uninstall 4.7: Storagecluster deletion stuck on a partially created KMS enabled OCS cluster + support TLS configuration for KMS
1915644 - update noobaa db label in must-gather to collect db pod in noobaa dir
1915698 - There is missing noobaa-core-0 pod after upgrade from OCS 4.6 to OCS 4.7
1915706 - [Azure][RBD] PV taking longer time ~ 9 minutes to get deleted
1915730 - [ocs-operator] Create public route for ceph-rgw service
1915737 - Improve ocs-operator logging during uninstall to be more verbose, to understand reasons for failures - e.g. for Bug 1915445
1915758 - improve noobaa logging in case of uninstall - logs do not specify clearly the resource on which deletion is stuck
1915807 - Arbiter: OCS Install failed when used label = topology.kubernetes.io/zone instead of deprecated failureDomain label
1915851 - OCS PodDisruptionBudget redesign for OSDs to allow multiple nodes to drain in the same failure domain
1915953 - Must-gather takes hours to complete if the OCS cluster is not fully deployed, delay seen in ceph command collection step
1916850 - Uninstall 4.7- rook: Storagecluster deletion stuck on a partially created KMS enabled OCS cluster(OSD creation failed)
1917253 - Restore-pvc creation fails with error "csi-vol-* has unsupported quota"
1917815 - [IBM Z and Power] OSD pods restarting due to OOM during upgrade test using ocs-ci
1918360 - collect timestamp for must-gather commands and also the total time taken for must-gather to complete
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1918925 - noobaa operator pod logs messages for other components - like rook-ceph-mon, csi-pods, new Storageclass, etc
1918938 - ocs-operator has Error logs with "unable to deploy Prometheus rules"
1919967 - MCG RPC calls time out and the system is unresponsive
1920202 - RGW pod did not get created when OCS was deployed using arbiter mode
1920498 - [IBM Z] OSDs are OOM killed and storage cluster goes into error state during ocs-ci tier1 pvc expansion tests
1920507 - Creation of cephblockpool with compression failed on timeout
1921521 - Add support for VAULT_SKIP_VERIFY option in Ceph-CSI
1921540 - RBD PVC creation fails with error "invalid encryption kms configuration: "POD_NAMESPACE" is not set"
1921609 - MongoNetworkError messages in noobaa-core logs
1921625 - 'Not Found: Secret "noobaa-root-master-key" message' in noobaa logs and cli output when kms is configured
1922064 - uninstall on VMware LSO+ arbiter with 4 OSDs in Pending state: Storagecluster deletion stuck, waiting for cephcluster to be deleted
1922108 - OCS 4.7 4.7.0-242.ci and beyond: osd pods are not created
1922113 - noobaa-db pod init container is crashing after OCS upgrade from OCS 4.6 to OCS 4.7
1922119 - PVC snapshot creation failing on OCP4.6-OCS 4.7 cluster
1922421 - [ROKS] OCS deployment stuck at mon pod in pending state
1922954 - [IBM Z] OCS: Failed tests because of osd deviceset restarts
1924185 - Object Service Dashboard shows alerts related to "system-internal-storage-pool" in OCS 4.7
1924211 - 4.7.0-249.ci: RGW pod not deployed, rook logs show - failed to create object store "must be no more than 63 characters"
1924634 - MG terminal logs show pods "compute-x-debug" not found even though pods are in Running state
1924784 - RBD PVC creation fails with error "invalid encryption kms configuration: failed to parse kms configuration"
1924792 - RBD PVC creation fails with error "invalid encryption kms configuration: failed to parse kms configuration"
1925055 - OSD pod stuck in Init:CrashLoopBackOff following Node maintenance in OCP upgrade from OCP 4.7 to 4.7 nightly
1925179 - MG fix [continuation from bug 1893619]: Do not attempt creating helper pod if storagecluster/cephcluster already deleted
1925249 - KMS resources should be garbage collected when StorageCluster is deleted
1925533 - [GSS] Unable to install Noobaa in AWS govcloud
1926182 - [RFE] Support disabling reconciliation of monitoring related resources using a dedicated reconcile strategy flag
1926617 - osds are in Init:CrashLoopBackOff with rgw in CrashLoopBackOff on KMS enabled cluster
1926717 - Only one NOOBAA_ROOT_SECRET_PATH key created in vault when the same backend path is used for multiple OCS clusters
1926831 - [IBM][ROKS] Deploy RGW pods only if IBM COS is not available on platform
1927128 - [Tracker for BZ #1937088] When Performed add capacity over arbiter mode cluster ceph health reports PG_AVAILABILITY Reduced data availability: 25 pgs inactive, 25 pgs incomplete
1927138 - must-gather skip collection of ceph in every run
1927186 - Configure pv-pool as backing store if cos creds secret not found in IBM Cloud
1927317 - [Arbiter] Storage Cluster installation did not started because ocs-operator was Expecting 8 node found 4
1927330 - Namespacestore-backed OBCs are stuck on Pending
1927338 - Uninstall OCS: Include events for major CRs to know the cause of deletion getting stuck
1927885 - OCS 4.7: ocs operator pod in 1/1 state even when Storagecluster is in Progressing state
1928063 - For FD: rack: actual osd pod distribution and OSD placement in rack under ceph osd tree output do not match
1928451 - MCG CLI command of diagnose doesn't work on windows
1928471 - [Deployment blocker] Ceph OSDs do not register properly in the CRUSH map
1928487 - MCG CLI - noobaa ui command shows wss instead of https
1928642 - [IBM Z] rook-ceph-rgw pods restarts continously with ocs version 4.6.3 due to liveness probe failure
1931191 - Backing/namespacestores are stuck on Creating with credentials errors
1931810 - LSO deployment(flexibleScaling:true): 100% PGS unknown even though ceph osd tree placement is correct(root cause diff from bug 1928471)
1931839 - OSD in state init:CrashLoopBackOff with KMS signed certificates
1932400 - Namespacestore deletion takes 15 minutes
1933607 - Prevent reconcile of labels on all monitoring resources deployed by ocs-operator
1933609 - Prevent reconcile of labels on all monitoring resources deployed by rook
1933736 - Allow shrinking the cluster by removing OSDs
1934000 - Improve error logging for kv-v2 while using encryption with KMS
1934990 - Ceph health ERR post node drain on KMS encryption enabled cluster
1935342 - [RFE] Add OSD flapping alert
1936545 - [Tracker for BZ #1938669] setuid and setgid file bits are not retained after a OCS CephFS CSI restore
1936877 - Include at OCS Multi-Cloud Object Gateway core container image the fixes on CVEs from RHEL8 on "nodejs"
1937070 - Storage cluster cannot be uninstalled when cluster not fully configured
1937100 - [RGW][notification][kafka]: notification fails with error: pubsub endpoint configuration error: unknown schema in: kafka
1937245 - csi-cephfsplugin pods CrashLoopBackoff in fresh 4.6 cluster due to conflict with kube-rbac-proxy
1937768 - OBC with Cache BucketPolicy stuck on pending
1939026 - ServiceUnavailable when calling the CreateBucket operation (reached max retries: 4): Reduce your request rate
1939472 - Failure domain set incorrectly to zone if flexible scaling is enabled but there are >= 3 zones
1939617 - [Arbiter] Mons cannot be failed over in stretch mode
1940440 - noobaa migration pod is deleted on failure and logs are not available for inspection
1940476 - Backingstore deletion hangs
1940957 - Deletion of Rejected NamespaceStore is stuck even when target bucket and bucketclass are deleted
1941647 - OCS deployment fails when no backend path is specified for cluster wide encryption using KMS
1941977 - rook-ceph-osd-X gets stuck in initcontainer expand-encrypted-bluefs
1942344 - No permissions in /etc/passwd leads to fail noobaa-operaor
1942350 - No permissions in /etc/passwd leads to fail noobaa-operaor
1942519 - MCG should not use KMS to store encryption keys if cluster wide encryption is not enabled using KMS
1943275 - OSD pods re-spun after "add capacity" on cluster with KMS
1943596 - [Tracker for BZ #1944611][Arbiter] When Performed zone(zone=a) Power off and Power On, 3 mon pod(zone=b,c) goes in CLBO after node Power off and 2 Osd(zone=a) goes in CLBO after node Power on
1944980 - Noobaa deployment fails when no KMS backend path is provided during storagecluster creation
1946592 - [Arbiter] When both the rgw pod hosting nodes are down, the rgw service is unavailable
1946837 - OCS 4.7 Arbiter Mode Cluster becomes stuck when entire zone is shutdown
1955328 - Upgrade of noobaa DB failed when upgrading OCS 4.6 to 4.7
1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files
1957187 - Update to RHCS 4.2z1 Ceph container image at OCS 4.7.0
1957639 - Noobaa migrate job is failing when upgrading OCS 4.6.4 to 4.7 on FIPS environment
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update Advisory ID: RHSA-2021:2479-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479 Issue date: 2021-06-17 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-25013 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-15358 CVE-2020-24977 CVE-2020-25659 CVE-2020-25678 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-28196 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-36242 CVE-2021-3139 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3528 CVE-2021-20305 CVE-2021-23239 CVE-2021-23240 CVE-2021-23336 ==================================================================== 1. Summary:
Updated images that fix one security issue and several bugs are now available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
- NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483)
-
Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307)
-
Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106)
-
Previously, the PVCs could not be provisioned as the
rook-ceph-mdsdid not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument--public-addr=podIPis added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558) -
Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the
mds_cache_memory_limitargument during upgrades. With this update, themds_cache_memory_limitargument is applied during upgrades and the mds daemon operates normally. (BZ#1951348) -
Previously, the coredumps were not generated in the correct location as rook was setting the config option
log_fileto an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of thelog_fileto build the dump path. With this update, rook does not set thelog_fileand keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under/var/log/ceph/. (BZ#1938049) -
Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573)
-
Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959983)
All users of Red Hat OpenShift Container Storage are advised to pull these new images from the Red Hat Container Registry.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod
- References:
https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25678 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2021-3139 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3528 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-23239 https://access.redhat.com/security/cve/CVE-2021-23240 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND Q1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo FKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS v59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF HXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd 6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN kAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC L+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG sIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz V144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO AQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT RCrstqAM5QQ=DHD0 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .
Bug fix:
-
RHACM 2.0.10 images (BZ #1940452)
-
Bugs fixed (https://bugzilla.redhat.com/):
1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function
- It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Bugs fixed (https://bugzilla.redhat.com/):
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time 1935897 - Release of OpenShift Serverless Serving 1.14.0 1935898 - Release of OpenShift Serverless Eventing 1.14.0
-
Gentoo Linux Security Advisory GLSA 202103-03
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 31, 2021 Bugs: #769785, #777681 ID: 202103-03
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well as a general purpose cryptography library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.1.1k >= 1.1.1k
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1k"
References
[ 1 ] CVE-2021-23840 https://nvd.nist.gov/vuln/detail/CVE-2021-23840 [ 2 ] CVE-2021-23841 https://nvd.nist.gov/vuln/detail/CVE-2021-23841 [ 3 ] CVE-2021-3449 https://nvd.nist.gov/vuln/detail/CVE-2021-3449 [ 4 ] CVE-2021-3450 https://nvd.nist.gov/vuln/detail/CVE-2021-3450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202103-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Description:
Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fixes:
-
RHACM 2.1.6 images (BZ#1940581)
-
When generating the import cluster string, it can include unescaped characters (BZ#1934184)
-
Bugs fixed (https://bugzilla.redhat.com/):
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation 1934184 - When generating the import cluster string, it can include unescaped characters 1940581 - RHACM 2.1.6 images
- Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):
1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
- ========================================================================== Ubuntu Security Notice USN-5038-1 August 12, 2021
postgresql-10, postgresql-12, postgresql-13 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in PostgreSQL.
Software Description: - postgresql-13: Object-relational SQL database - postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database
Details:
It was discovered that the PostgresQL planner could create incorrect plans in certain circumstances. A remote attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly obtain sensitive information from memory. (CVE-2021-3677)
It was discovered that PostgreSQL incorrectly handled certain SSL renegotiation ClientHello messages from clients. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2021-3449)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: postgresql-13 13.4-0ubuntu0.21.04.1
Ubuntu 20.04 LTS: postgresql-12 12.8-0ubuntu0.20.04.1
Ubuntu 18.04 LTS: postgresql-10 10.18-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.1.2"
},
{
"model": "mysql workbench",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "simatic cloud connect 7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "cloud volumes ontap mediator",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic net cp 1543sp-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "simatic pdm",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "9.1.0.7"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.1"
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "sma100",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.0"
},
{
"model": "multi-domain management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "scalance s627-2m",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "scalance xp-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "simatic process historian opc ua server",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2019"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"model": "scalance xr524-8c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "tenable.sc",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "simatic rf188ci",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic net cp 1243-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "simatic rf185c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "mysql connectors",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "simatic net cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "tim 1531 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.24.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.33"
},
{
"model": "scalance xr-300wg",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "sma100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.0-17sv"
},
{
"model": "simatic s7-1200 cpu 1217c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics connect 300",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.12.0"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.1"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "scalance xm-400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "simatic net cp1243-7 lte eu",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "quantum security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "communications communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0.0.0"
},
{
"model": "simatic rf360r",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1214c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s615",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "simatic mv500",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1212fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinec pni",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xf-200ba",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.0"
},
{
"model": "simatic rf188c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "simatic s7-1200 cpu 1211c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nessus",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.13.1"
},
{
"model": "enterprise manager for storage management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "multi-domain management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "scalance w700",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.5"
},
{
"model": "e-series performance analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance xr552-12",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "simatic net cp1243-7 lte us",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.3.5"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.14.0"
},
{
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.17.0"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1k"
},
{
"model": "simatic rf166c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "scalance xc-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "simatic s7-1200 cpu 1215c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "quantum security management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "scalance xr526-8c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.14.0"
},
{
"model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "tim 1531 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0.2"
},
{
"model": "secure backup",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1.0.1.0"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.0"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "scalance sc-600",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic pcs 7 telecontrol",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1215 fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.22.1"
},
{
"model": "simatic rf186ci",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "simatic net cp 1542sp-1 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "capture client",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "3.5"
},
{
"model": "simatic logon",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6.0.2"
},
{
"model": "simatic wincc telecontrol",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sonicos",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.0.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s623",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "scalance lpe9403",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1214 fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"model": "scalance m-800",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic rf186c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.16.1"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "scalance s612",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "simatic s7-1200 cpu 1212c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "quantum security management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "scalance xr528-6m",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "tia administrator",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinec nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "simatic logon",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "12.2"
},
{
"model": "sinumerik opc ua server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance xb-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance s602",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "ruggedcom rcm1224",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.13.0"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "quantum security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "simatic net cp 1545-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "simatic cloud connect 7",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.0.0"
},
{
"model": "simatic net cp 1243-8 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "scalance w1700",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.0"
},
{
"model": "simatic net cp 1543-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162699"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162183"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162197"
}
],
"trust": 0.7
},
"cve": "CVE-2021-3449",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-3449",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-388130",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-3449",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3449",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-388130",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-3449",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "VULMON",
"id": "CVE-2021-3449"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. \nExploitation of these vulnerabilities could allow an malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. \nThis advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd. \n\nBug Fix(es):\n\nThis update includes various bug fixes and enhancements. Space precludes\ndocumenting all of these changes in this advisory. Bugs fixed (https://bugzilla.redhat.com/):\n\n1803849 - [RFE] Include per volume encryption with Vault integration in RHCS 4.1\n1814681 - [RFE] use topologySpreadConstraints to evenly spread OSDs across hosts\n1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability\n1850089 - OBC CRD is outdated and leads to missing columns in get queries\n1860594 - Toolbox pod should have toleration for OCS tainted nodes\n1861104 - OCS podDisruptionBudget prevents successful OCP upgrades\n1861878 - [RFE] use appropriate PDB values for OSD\n1866301 - [RHOCS Usability Study][Installation] \u201cCreate storage cluster\u201d should be a part of the installation flow or need to be emphasized as a crucial step. \n1869406 - must-gather should include historical pod logs\n1872730 - [RFE][External mode] Re-configure noobaa to use the updated RGW endpoint from the RHCS cluster\n1874367 - \"Create Backing Store\" page doesn\u0027t allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1886112 - log message flood with Reconciling StorageCluster\",\"Request.Namespace\":\"openshift-storage\",\"Request.Name\":\"ocs-storagecluster\"\n1886416 - Uninstall 4.6: ocs-operator logging regarding noobaa-core PVC needs change\n1886638 - CVE-2020-8565 kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel \u003e= 9\n1888839 - Create public route for ceph-rgw service\n1892622 - [GSS] Noobaa management dashboard reporting High number of issues when the cluster is in healthy state\n1893611 - Skip ceph commands collection attempt if must-gather helper pod is not created\n1893613 - must-gather tries to collect ceph commands in external mode when storagecluster already deleted\n1893619 - OCS must-gather: Inspect errors for cephobjectoreUser and few ceph commandd when storage cluster does not exist\n1894412 - [RFE][External] RGW metrics should be made available even if anything else except 9283 is provided as the monitoring-endpoint-port\n1896338 - OCS upgrade from 4.6 to 4.7 build failed\n1897246 - OCS - ceph historical logs collection\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1898509 - [Tracker][RHV #1899565] Deployment on RHV/oVirt storage class ovirt-csi-sc failing\n1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability\n1898808 - Rook-Ceph crash collector pod should not run on non-ocs node\n1900711 - [RFE] Alerting for Namespace buckets and resources\n1900722 - Failed to init upgrade process on noobaa-core-0\n1900749 - Namespace Resource reported as Healthy when target bucket deleted\n1900760 - RPC call for Namespace resource creation allows invalid target bucket names\n1901134 - OCS - ceph historical logs collection\n1902192 - [RFE][External] RGW metrics should be made available even if anything else except 9283 is provided as the monitoring-endpoint-port\n1902685 - Too strict Content-Length header check refuses valid upload requests\n1902711 - Tracker for Bug #1903078 Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready\n1903973 - [Azure][ROKS] Set SSD tuning (tuneFastDeviceClass) as default for OSD devices in Azure/ROKS platform\n1903975 - Add \"ceph df detail\" for ocs must-gather to enable support to debug compression\n1904302 - [GSS] ceph_daemon label includes references to a replaced OSD that cause a prometheus ruleset to fail\n1904929 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod\n1907318 - Unable to deploy \u0026 upgrade to ocs 4.7 - missing postgres image reference\n1908414 - [GSS][VMWare][ROKS] rgw pods are not showing up in OCS 4.5 - due to pg_limit issue\n1908678 - ocs-osd-removal job failed with \"Invalid value\" error when using multiple ids\n1909268 - OCS 4.7 UI install -All OCS operator pods respin after storagecluster creation\n1909488 - [NooBaa CLI] CLI status command looks for wrong DB PV name\n1909745 - pv-pool backing store name restriction should be at 43 characters\n1910705 - OBCs are stuck in a Pending state\n1911131 - Bucket stats in the NB dashboard are incorrect\n1911266 - Backingstore phase is ready, modecode is INITIALIZING\n1911627 - CVE-2020-26289 nodejs-date-and-time: ReDoS in parsing via date.compile\n1911789 - Data deduplication does not work properly\n1912421 - [RFE] noobaa cli allow the creation of BackingStores with already existing secrets\n1912894 - OCS storagecluster is Progressing state and some noobaa pods missing with latest 4.7 build -4.7.0-223.ci and storagecluster reflected as 4.8.0 instead of 4.7.0\n1913149 - make must-gather backward compatibility for version \u003c4.6\n1913357 - ocs-operator should show error when flexible scaling and arbiter are both enabled at the same time\n1914132 - No metrics available in the Object Service Dashboard in OCS 4.7, logs show \"failed to retrieve metrics exporter servicemonitor\"\n1914159 - When OCS was deployed using arbiter mode mon\u0027s are going into CLBO state, ceph version = 14.2.11-95\n1914215 - must-gather fails to delete the completed state compute-xx-debug pods after successful completion\n1915111 - OCS OSD selection algorithm is making some strange choices. \n1915261 - Deleted MCG CRs are stuck in a \u0027Deleting\u0027 state\n1915445 - Uninstall 4.7: Storagecluster deletion stuck on a partially created KMS enabled OCS cluster + support TLS configuration for KMS\n1915644 - update noobaa db label in must-gather to collect db pod in noobaa dir\n1915698 - There is missing noobaa-core-0 pod after upgrade from OCS 4.6 to OCS 4.7\n1915706 - [Azure][RBD] PV taking longer time ~ 9 minutes to get deleted\n1915730 - [ocs-operator] Create public route for ceph-rgw service\n1915737 - Improve ocs-operator logging during uninstall to be more verbose, to understand reasons for failures - e.g. for Bug 1915445\n1915758 - improve noobaa logging in case of uninstall - logs do not specify clearly the resource on which deletion is stuck\n1915807 - Arbiter: OCS Install failed when used label = topology.kubernetes.io/zone instead of deprecated failureDomain label\n1915851 - OCS PodDisruptionBudget redesign for OSDs to allow multiple nodes to drain in the same failure domain\n1915953 - Must-gather takes hours to complete if the OCS cluster is not fully deployed, delay seen in ceph command collection step\n1916850 - Uninstall 4.7- rook: Storagecluster deletion stuck on a partially created KMS enabled OCS cluster(OSD creation failed)\n1917253 - Restore-pvc creation fails with error \"csi-vol-* has unsupported quota\"\n1917815 - [IBM Z and Power] OSD pods restarting due to OOM during upgrade test using ocs-ci\n1918360 - collect timestamp for must-gather commands and also the total time taken for must-gather to complete\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1918925 - noobaa operator pod logs messages for other components - like rook-ceph-mon, csi-pods, new Storageclass, etc\n1918938 - ocs-operator has Error logs with \"unable to deploy Prometheus rules\"\n1919967 - MCG RPC calls time out and the system is unresponsive\n1920202 - RGW pod did not get created when OCS was deployed using arbiter mode\n1920498 - [IBM Z] OSDs are OOM killed and storage cluster goes into error state during ocs-ci tier1 pvc expansion tests\n1920507 - Creation of cephblockpool with compression failed on timeout\n1921521 - Add support for VAULT_SKIP_VERIFY option in Ceph-CSI\n1921540 - RBD PVC creation fails with error \"invalid encryption kms configuration: \"POD_NAMESPACE\" is not set\"\n1921609 - MongoNetworkError messages in noobaa-core logs\n1921625 - \u0027Not Found: Secret \"noobaa-root-master-key\" message\u0027 in noobaa logs and cli output when kms is configured\n1922064 - uninstall on VMware LSO+ arbiter with 4 OSDs in Pending state: Storagecluster deletion stuck, waiting for cephcluster to be deleted\n1922108 - OCS 4.7 4.7.0-242.ci and beyond: osd pods are not created\n1922113 - noobaa-db pod init container is crashing after OCS upgrade from OCS 4.6 to OCS 4.7\n1922119 - PVC snapshot creation failing on OCP4.6-OCS 4.7 cluster\n1922421 - [ROKS] OCS deployment stuck at mon pod in pending state\n1922954 - [IBM Z] OCS: Failed tests because of osd deviceset restarts\n1924185 - Object Service Dashboard shows alerts related to \"system-internal-storage-pool\" in OCS 4.7\n1924211 - 4.7.0-249.ci: RGW pod not deployed, rook logs show - failed to create object store \"must be no more than 63 characters\"\n1924634 - MG terminal logs show `pods \"compute-x-debug\" not found` even though pods are in Running state\n1924784 - RBD PVC creation fails with error \"invalid encryption kms configuration: failed to parse kms configuration\"\n1924792 - RBD PVC creation fails with error \"invalid encryption kms configuration: failed to parse kms configuration\"\n1925055 - OSD pod stuck in Init:CrashLoopBackOff following Node maintenance in OCP upgrade from OCP 4.7 to 4.7 nightly\n1925179 - MG fix [continuation from bug 1893619]: Do not attempt creating helper pod if storagecluster/cephcluster already deleted\n1925249 - KMS resources should be garbage collected when StorageCluster is deleted\n1925533 - [GSS] Unable to install Noobaa in AWS govcloud\n1926182 - [RFE] Support disabling reconciliation of monitoring related resources using a dedicated reconcile strategy flag\n1926617 - osds are in Init:CrashLoopBackOff with rgw in CrashLoopBackOff on KMS enabled cluster\n1926717 - Only one NOOBAA_ROOT_SECRET_PATH key created in vault when the same backend path is used for multiple OCS clusters\n1926831 - [IBM][ROKS] Deploy RGW pods only if IBM COS is not available on platform\n1927128 - [Tracker for BZ #1937088] When Performed add capacity over arbiter mode cluster ceph health reports PG_AVAILABILITY Reduced data availability: 25 pgs inactive, 25 pgs incomplete\n1927138 - must-gather skip collection of ceph in every run\n1927186 - Configure pv-pool as backing store if cos creds secret not found in IBM Cloud\n1927317 - [Arbiter] Storage Cluster installation did not started because ocs-operator was Expecting 8 node found 4\n1927330 - Namespacestore-backed OBCs are stuck on Pending\n1927338 - Uninstall OCS: Include events for major CRs to know the cause of deletion getting stuck\n1927885 - OCS 4.7: ocs operator pod in 1/1 state even when Storagecluster is in Progressing state\n1928063 - For FD: rack: actual osd pod distribution and OSD placement in rack under ceph osd tree output do not match\n1928451 - MCG CLI command of diagnose doesn\u0027t work on windows\n1928471 - [Deployment blocker] Ceph OSDs do not register properly in the CRUSH map\n1928487 - MCG CLI - noobaa ui command shows wss instead of https\n1928642 - [IBM Z] rook-ceph-rgw pods restarts continously with ocs version 4.6.3 due to liveness probe failure\n1931191 - Backing/namespacestores are stuck on Creating with credentials errors\n1931810 - LSO deployment(flexibleScaling:true): 100% PGS unknown even though ceph osd tree placement is correct(root cause diff from bug 1928471)\n1931839 - OSD in state init:CrashLoopBackOff with KMS signed certificates\n1932400 - Namespacestore deletion takes 15 minutes\n1933607 - Prevent reconcile of labels on all monitoring resources deployed by ocs-operator\n1933609 - Prevent reconcile of labels on all monitoring resources deployed by rook\n1933736 - Allow shrinking the cluster by removing OSDs\n1934000 - Improve error logging for kv-v2 while using encryption with KMS\n1934990 - Ceph health ERR post node drain on KMS encryption enabled cluster\n1935342 - [RFE] Add OSD flapping alert\n1936545 - [Tracker for BZ #1938669] setuid and setgid file bits are not retained after a OCS CephFS CSI restore\n1936877 - Include at OCS Multi-Cloud Object Gateway core container image the fixes on CVEs from RHEL8 on \"nodejs\"\n1937070 - Storage cluster cannot be uninstalled when cluster not fully configured\n1937100 - [RGW][notification][kafka]: notification fails with error: pubsub endpoint configuration error: unknown schema in: kafka\n1937245 - csi-cephfsplugin pods CrashLoopBackoff in fresh 4.6 cluster due to conflict with kube-rbac-proxy\n1937768 - OBC with Cache BucketPolicy stuck on pending\n1939026 - ServiceUnavailable when calling the CreateBucket operation (reached max retries: 4): Reduce your request rate\n1939472 - Failure domain set incorrectly to zone if flexible scaling is enabled but there are \u003e= 3 zones\n1939617 - [Arbiter] Mons cannot be failed over in stretch mode\n1940440 - noobaa migration pod is deleted on failure and logs are not available for inspection\n1940476 - Backingstore deletion hangs\n1940957 - Deletion of Rejected NamespaceStore is stuck even when target bucket and bucketclass are deleted\n1941647 - OCS deployment fails when no backend path is specified for cluster wide encryption using KMS\n1941977 - rook-ceph-osd-X gets stuck in initcontainer expand-encrypted-bluefs\n1942344 - No permissions in /etc/passwd leads to fail noobaa-operaor\n1942350 - No permissions in /etc/passwd leads to fail noobaa-operaor\n1942519 - MCG should not use KMS to store encryption keys if cluster wide encryption is not enabled using KMS\n1943275 - OSD pods re-spun after \"add capacity\" on cluster with KMS\n1943596 - [Tracker for BZ #1944611][Arbiter] When Performed zone(zone=a) Power off and Power On, 3 mon pod(zone=b,c) goes in CLBO after node Power off and 2 Osd(zone=a) goes in CLBO after node Power on\n1944980 - Noobaa deployment fails when no KMS backend path is provided during storagecluster creation\n1946592 - [Arbiter] When both the rgw pod hosting nodes are down, the rgw service is unavailable\n1946837 - OCS 4.7 Arbiter Mode Cluster becomes stuck when entire zone is shutdown\n1955328 - Upgrade of noobaa DB failed when upgrading OCS 4.6 to 4.7\n1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files\n1957187 - Update to RHCS 4.2z1 Ceph container image at OCS 4.7.0\n1957639 - Noobaa migrate job is failing when upgrading OCS 4.6.4 to 4.7 on FIPS environment\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update\nAdvisory ID: RHSA-2021:2479-01\nProduct: Red Hat OpenShift Container Storage\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2479\nIssue date: 2021-06-17\nCVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708\n CVE-2019-3842 CVE-2019-9169 CVE-2019-13012\n CVE-2019-14866 CVE-2019-25013 CVE-2020-8231\n CVE-2020-8284 CVE-2020-8285 CVE-2020-8286\n CVE-2020-8927 CVE-2020-9948 CVE-2020-9951\n CVE-2020-9983 CVE-2020-13434 CVE-2020-13543\n CVE-2020-13584 CVE-2020-13776 CVE-2020-15358\n CVE-2020-24977 CVE-2020-25659 CVE-2020-25678\n CVE-2020-26116 CVE-2020-26137 CVE-2020-27618\n CVE-2020-27619 CVE-2020-27783 CVE-2020-28196\n CVE-2020-29361 CVE-2020-29362 CVE-2020-29363\n CVE-2020-36242 CVE-2021-3139 CVE-2021-3177\n CVE-2021-3326 CVE-2021-3449 CVE-2021-3450\n CVE-2021-3528 CVE-2021-20305 CVE-2021-23239\n CVE-2021-23240 CVE-2021-23336\n====================================================================\n1. Summary:\n\nUpdated images that fix one security issue and several bugs are now\navailable for Red Hat OpenShift Container Storage 4.6.5 on Red Hat\nEnterprise Linux 8 from Red Hat Container Registry. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. Red Hat\nOpenShift Container Storage is a highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provisions a multicloud data management service\nwith an S3 compatible API. \n\nSecurity Fix(es):\n\n* NooBaa: noobaa-operator leaking RPC AuthToken into log files\n(CVE-2021-3528)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nBug Fix(es):\n\n* Currently, a newly restored PVC cannot be mounted if some of the\nOpenShift Container Platform nodes are running on a version of Red Hat\nEnterprise Linux which is less than 8.2, and the snapshot from which the\nPVC was restored is deleted. \nWorkaround: Do not delete the snapshot from which the PVC was restored\nuntil the restored PVC is deleted. (BZ#1962483)\n\n* Previously, the default backingstore was not created on AWS S3 when\nOpenShift Container Storage was deployed, due to incorrect identification\nof AWS S3. With this update, the default backingstore gets created when\nOpenShift Container Storage is deployed on AWS S3. (BZ#1927307)\n\n* Previously, log messages were printed to the endpoint pod log even if the\ndebug option was not set. With this update, the log messages are printed to\nthe endpoint pod log only when the debug option is set. (BZ#1938106)\n\n* Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did\nnot register the pod IP on the monitor servers, and hence every mount on\nthe filesystem timed out, resulting in CephFS volume provisioning failure. \nWith this update, an argument `--public-addr=podIP` is added to the MDS pod\nwhen the host network is not enabled, and hence the CephFS volume\nprovisioning does not fail. (BZ#1949558)\n\n* Previously, OpenShift Container Storage 4.2 clusters were not updated\nwith the correct cache value, and hence MDSs in standby-replay might report\nan oversized cache, as rook did not apply the `mds_cache_memory_limit`\nargument during upgrades. With this update, the `mds_cache_memory_limit`\nargument is applied during upgrades and the mds daemon operates normally. \n(BZ#1951348)\n\n* Previously, the coredumps were not generated in the correct location as\nrook was setting the config option `log_file` to an empty string since\nlogging happened on stdout and not on the files, and hence Ceph read the\nvalue of the `log_file` to build the dump path. With this update, rook does\nnot set the `log_file` and keeps Ceph\u0027s internal default, and hence the\ncoredumps are generated in the correct location and are accessible under\n`/var/log/ceph/`. (BZ#1938049)\n\n* Previously, Ceph became inaccessible, as the mons lose quorum if a mon\npod was drained while another mon was failing over. With this update,\nvoluntary mon drains are prevented while a mon is failing over, and hence\nCeph does not become inaccessible. (BZ#1946573)\n\n* Previously, the mon quorum was at risk, as the operator could erroneously\nremove the new mon if the operator was restarted during a mon failover. \nWith this update, the operator completes the same mon failover after the\noperator is restarted, and hence the mon quorum is more reliable in the\nnode drains and mon failover scenarios. (BZ#1959983)\n\nAll users of Red Hat OpenShift Container Storage are advised to pull these\nnew images from the Red Hat Container Registry. \n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod\n1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b\n1951348 - [GSS][CephFS] health warning \"MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files\" for the standby-replay\n1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore\n1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files\n1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version]\n1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover\n1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout\n1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2019-2708\nhttps://access.redhat.com/security/cve/CVE-2019-3842\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13012\nhttps://access.redhat.com/security/cve/CVE-2019-14866\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-8231\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9948\nhttps://access.redhat.com/security/cve/CVE-2020-9951\nhttps://access.redhat.com/security/cve/CVE-2020-9983\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-13543\nhttps://access.redhat.com/security/cve/CVE-2020-13584\nhttps://access.redhat.com/security/cve/CVE-2020-13776\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-24977\nhttps://access.redhat.com/security/cve/CVE-2020-25659\nhttps://access.redhat.com/security/cve/CVE-2020-25678\nhttps://access.redhat.com/security/cve/CVE-2020-26116\nhttps://access.redhat.com/security/cve/CVE-2020-26137\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27619\nhttps://access.redhat.com/security/cve/CVE-2020-27783\nhttps://access.redhat.com/security/cve/CVE-2020-28196\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2020-36242\nhttps://access.redhat.com/security/cve/CVE-2021-3139\nhttps://access.redhat.com/security/cve/CVE-2021-3177\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3528\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-23239\nhttps://access.redhat.com/security/cve/CVE-2021-23240\nhttps://access.redhat.com/security/cve/CVE-2021-23336\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND\nQ1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo\nFKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS\nv59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF\nHXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd\n6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN\nkAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC\nL+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG\nsIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz\nV144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO\nAQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT\nRCrstqAM5QQ=DHD0\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Bugs fixed (https://bugzilla.redhat.com/):\n\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time\n1935897 - Release of OpenShift Serverless Serving 1.14.0\n1935898 - Release of OpenShift Serverless Eventing 1.14.0\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202103-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: March 31, 2021\n Bugs: #769785, #777681\n ID: 202103-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould allow remote attackers to cause a Denial of Service condition. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as\nwell as a general purpose cryptography library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.1.1k \u003e= 1.1.1k\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.1.1k\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-23840\n https://nvd.nist.gov/vuln/detail/CVE-2021-23840\n[ 2 ] CVE-2021-23841\n https://nvd.nist.gov/vuln/detail/CVE-2021-23841\n[ 3 ] CVE-2021-3449\n https://nvd.nist.gov/vuln/detail/CVE-2021-3449\n[ 4 ] CVE-2021-3450\n https://nvd.nist.gov/vuln/detail/CVE-2021-3450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202103-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fixes:\n\n* RHACM 2.1.6 images (BZ#1940581)\n\n* When generating the import cluster string, it can include unescaped\ncharacters (BZ#1934184)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation\n1934184 - When generating the import cluster string, it can include unescaped characters\n1940581 - RHACM 2.1.6 images\n\n5. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n5. ==========================================================================\nUbuntu Security Notice USN-5038-1\nAugust 12, 2021\n\npostgresql-10, postgresql-12, postgresql-13 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PostgreSQL. \n\nSoftware Description:\n- postgresql-13: Object-relational SQL database\n- postgresql-12: Object-relational SQL database\n- postgresql-10: Object-relational SQL database\n\nDetails:\n\nIt was discovered that the PostgresQL planner could create incorrect plans\nin certain circumstances. A remote attacker could use this issue to cause\nPostgreSQL to crash, resulting in a denial of service, or possibly obtain\nsensitive information from memory. (CVE-2021-3677)\n\nIt was discovered that PostgreSQL incorrectly handled certain SSL\nrenegotiation ClientHello messages from clients. A remote attacker could\npossibly use this issue to cause PostgreSQL to crash, resulting in a denial\nof service. (CVE-2021-3449)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n postgresql-13 13.4-0ubuntu0.21.04.1\n\nUbuntu 20.04 LTS:\n postgresql-12 12.8-0ubuntu0.20.04.1\n\nUbuntu 18.04 LTS:\n postgresql-10 10.18-0ubuntu0.18.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart PostgreSQL to\nmake all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3449"
},
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "VULMON",
"id": "CVE-2021-3449"
},
{
"db": "PACKETSTORM",
"id": "162699"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162183"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162041"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "163815"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3449",
"trust": 2.1
},
{
"db": "TENABLE",
"id": "TNS-2021-06",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2021-09",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2021-05",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/3",
"trust": 1.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/2",
"trust": 1.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/4",
"trust": 1.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/1",
"trust": 1.2
},
{
"db": "SIEMENS",
"id": "SSA-772220",
"trust": 1.2
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.2
},
{
"db": "PULSESECURE",
"id": "SA44845",
"trust": 1.2
},
{
"db": "MCAFEE",
"id": "SB10356",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "162197",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162041",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162183",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162383",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162699",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162337",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162307",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162076",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162189",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162196",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162172",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161984",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162201",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162200",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-99170",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-388130",
"trust": 0.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-104-05",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-3449",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163209",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163815",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "VULMON",
"id": "CVE-2021-3449"
},
{
"db": "PACKETSTORM",
"id": "162699"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162183"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162041"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "163815"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"id": "VAR-202103-1464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
}
],
"trust": 0.6962928186666667
},
"last_update_date": "2025-12-22T21:36:21.482000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Debian Security Advisories: DSA-4875-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b5207bd1e788bc6e8d94f410cf4801bc"
},
{
"title": "Red Hat: CVE-2021-3449",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-3449"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1622",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1622"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-3449 log"
},
{
"title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-openssl-2021-GHY28dJd"
},
{
"title": "Hitachi Security Advisories: Vulnerability in JP1/Base and JP1/ File Transmission Server/FTP",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-130"
},
{
"title": "Tenable Security Advisories: [R1] Tenable.sc 5.18.0 Fixes One Third-party Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-06"
},
{
"title": "Tenable Security Advisories: [R1] Nessus 8.13.2 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-05"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-117"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-119"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-09"
},
{
"title": "Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-10"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220056 - Security Advisory"
},
{
"title": "CVE-2021-3449 OpenSSL \u003c1.1.1k DoS exploit",
"trust": 0.1,
"url": "https://github.com/terorie/cve-2021-3449 "
},
{
"title": "CVE-2021-3449 OpenSSL \u003c1.1.1k DoS exploit",
"trust": 0.1,
"url": "https://github.com/gitchangye/cve "
},
{
"title": "NSAPool-PenTest",
"trust": 0.1,
"url": "https://github.com/AliceMongodin/NSAPool-PenTest "
},
{
"title": "Analysis of attack vectors for embedded Linux",
"trust": 0.1,
"url": "https://github.com/FeFi7/attacking_embedded_linux "
},
{
"title": "openssl-cve",
"trust": 0.1,
"url": "https://github.com/yonhan3/openssl-cve "
},
{
"title": "CVE-Check",
"trust": 0.1,
"url": "https://github.com/falk-werner/cve-check "
},
{
"title": "SEEKER_dataset",
"trust": 0.1,
"url": "https://github.com/SF4bin/SEEKER_dataset "
},
{
"title": "Year of the Jellyfish (YotJF)",
"trust": 0.1,
"url": "https://github.com/rnbochsr/yr_of_the_jellyfish "
},
{
"title": "https://github.com/tianocore-docs/ThirdPartySecurityAdvisories",
"trust": 0.1,
"url": "https://github.com/tianocore-docs/ThirdPartySecurityAdvisories "
},
{
"title": "TASSL-1.1.1k",
"trust": 0.1,
"url": "https://github.com/jntass/TASSL-1.1.1k "
},
{
"title": "Trivy by Aqua security\nRefer this official repository for explore Trivy Action",
"trust": 0.1,
"url": "https://github.com/scholarnishu/Trivy-by-AquaSecurity "
},
{
"title": "Trivy by Aqua security\nRefer this official repository for explore Trivy Action",
"trust": 0.1,
"url": "https://github.com/thecyberbaby/Trivy-by-aquaSecurity "
},
{
"title": "\ud83d\udc31 Catlin Vulnerability Scanner \ud83d\udc31",
"trust": 0.1,
"url": "https://github.com/vinamra28/tekton-image-scan-trivy "
},
{
"title": "DEVOPS + ACR + TRIVY",
"trust": 0.1,
"url": "https://github.com/arindam0310018/04-Apr-2022-DevOps__Scan-Images-In-ACR-Using-Trivy "
},
{
"title": "Trivy Demo",
"trust": 0.1,
"url": "https://github.com/fredrkl/trivy-demo "
},
{
"title": "GitHub Actions CI App Pipeline",
"trust": 0.1,
"url": "https://github.com/isgo-golgo13/gokit-gorillakit-enginesvc "
},
{
"title": "Awesome Stars",
"trust": 0.1,
"url": "https://github.com/taielab/awesome-hacking-lists "
},
{
"title": "podcast-dl-gael",
"trust": 0.1,
"url": "https://github.com/GitHubForSnap/podcast-dl-gael "
},
{
"title": "sec-tools",
"trust": 0.1,
"url": "https://github.com/matengfei000/sec-tools "
},
{
"title": "sec-tools",
"trust": 0.1,
"url": "https://github.com/anquanscan/sec-tools "
},
{
"title": "\u66f4\u65b0\u4e8e 2023-11-27 08:36:01\n\u5b89\u5168\n\u5f00\u53d1\n\u672a\u5206\u7c7b\n\u6742\u4e03\u6742\u516b",
"trust": 0.1,
"url": "https://github.com/20142995/sectool "
},
{
"title": "Vulnerability",
"trust": 0.1,
"url": "https://github.com/tzwlhack/Vulnerability "
},
{
"title": "OpenSSL-CVE-lib",
"trust": 0.1,
"url": "https://github.com/chnzzh/OpenSSL-CVE-lib "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/manas3c/CVE-POC "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/03/25/openssl_bug_fix/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-3449"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd"
},
{
"trust": 1.3,
"url": "https://www.debian.org/security/2021/dsa-4875"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"trust": 1.2,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845"
},
{
"trust": 1.2,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013"
},
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"trust": 1.2,
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2021-06"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.2,
"url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc"
},
{
"trust": 1.2,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25678"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25678"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3139"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3528"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27152"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27363"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27365"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-26708"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://github.com/terorie/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-05"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7608"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7608"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3528"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26289"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2479"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23240"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23239"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36242"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3115"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3115"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5038-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3677"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postgresql-10/10.18-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postgresql-12/12.8-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postgresql-13/13.4-0ubuntu0.21.04.1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "VULMON",
"id": "CVE-2021-3449"
},
{
"db": "PACKETSTORM",
"id": "162699"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162183"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162041"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "163815"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "VULMON",
"id": "CVE-2021-3449"
},
{
"db": "PACKETSTORM",
"id": "162699"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162183"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162041"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "163815"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-388130"
},
{
"date": "2021-03-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-3449"
},
{
"date": "2021-05-19T14:22:15",
"db": "PACKETSTORM",
"id": "162699"
},
{
"date": "2021-06-17T18:34:10",
"db": "PACKETSTORM",
"id": "163209"
},
{
"date": "2021-04-29T14:37:49",
"db": "PACKETSTORM",
"id": "162383"
},
{
"date": "2021-04-14T16:40:32",
"db": "PACKETSTORM",
"id": "162183"
},
{
"date": "2021-04-23T15:10:34",
"db": "PACKETSTORM",
"id": "162307"
},
{
"date": "2021-03-31T14:36:01",
"db": "PACKETSTORM",
"id": "162041"
},
{
"date": "2021-04-26T19:21:56",
"db": "PACKETSTORM",
"id": "162337"
},
{
"date": "2021-04-15T13:50:04",
"db": "PACKETSTORM",
"id": "162197"
},
{
"date": "2021-08-13T14:20:11",
"db": "PACKETSTORM",
"id": "163815"
},
{
"date": "2021-03-25T15:15:13.450000",
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-388130"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-3449"
},
{
"date": "2024-11-21T06:21:33.050000",
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "162041"
},
{
"db": "PACKETSTORM",
"id": "163815"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2021-2041-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "162699"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162307"
}
],
"trust": 0.2
}
}
VAR-201710-1433
Vulnerability from variot - Updated: 2025-12-22 21:15Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Ubuntu Security Notice USN-3430-3 January 04, 2018
dnsmasq regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
USN-3430-2 introduced regression in Dnsmasq.
Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
USN-3430-2 fixed several vulnerabilities. The update introduced a new regression that breaks DNS resolution. This update addresses the problem.
We apologize for the inconvenience.
Original advisory details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14491)
Felix Wilhelm, Fermin J. (CVE-2017-14492)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. (CVE-2017-14493)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. (CVE-2017-14494)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to consume memory, resulting in a denial of service. (CVE-2017-14495)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14496)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: dnsmasq=C2=A02.59-4ubuntu0.4 dnsmasq-base2.59-4ubuntu0.4 dnsmasq-utils2.59-4ubuntu0.4
After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: dnsmasq security update Advisory ID: RHSA-2017:2837-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2837 Issue date: 2017-10-02 CVE Names: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 =====================================================================
- Summary:
An update for dnsmasq is now available for Red Hat Enterprise Linux 7.2 Extended Update Support and Red Hat Enterprise Linux 7.3 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.2) - x86_64 Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.2) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.2) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64
- Description:
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
-
A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. (CVE-2017-14491)
-
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)
-
A stack buffer overflow was found in dnsmasq in the DHCPv6 code. (CVE-2017-14493)
-
An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)
Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies 1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code 1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code 1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code
- Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.2):
Source: dnsmasq-2.66-14.el7_2.2.src.rpm
x86_64: dnsmasq-2.66-14.el7_2.2.x86_64.rpm dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode EUS (v. 7.3):
Source: dnsmasq-2.66-21.el7_3.2.src.rpm
x86_64: dnsmasq-2.66-21.el7_3.2.x86_64.rpm dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2):
x86_64: dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm dnsmasq-utils-2.66-14.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):
x86_64: dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm dnsmasq-utils-2.66-21.el7_3.2.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: dnsmasq-2.66-14.el7_2.2.src.rpm
ppc64: dnsmasq-2.66-14.el7_2.2.ppc64.rpm dnsmasq-debuginfo-2.66-14.el7_2.2.ppc64.rpm
ppc64le: dnsmasq-2.66-14.el7_2.2.ppc64le.rpm dnsmasq-debuginfo-2.66-14.el7_2.2.ppc64le.rpm
s390x: dnsmasq-2.66-14.el7_2.2.s390x.rpm dnsmasq-debuginfo-2.66-14.el7_2.2.s390x.rpm
x86_64: dnsmasq-2.66-14.el7_2.2.x86_64.rpm dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: dnsmasq-2.66-21.el7_3.2.src.rpm
ppc64: dnsmasq-2.66-21.el7_3.2.ppc64.rpm dnsmasq-debuginfo-2.66-21.el7_3.2.ppc64.rpm
ppc64le: dnsmasq-2.66-21.el7_3.2.ppc64le.rpm dnsmasq-debuginfo-2.66-21.el7_3.2.ppc64le.rpm
s390x: dnsmasq-2.66-21.el7_3.2.s390x.rpm dnsmasq-debuginfo-2.66-21.el7_3.2.s390x.rpm
x86_64: dnsmasq-2.66-21.el7_3.2.x86_64.rpm dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.2):
ppc64: dnsmasq-debuginfo-2.66-14.el7_2.2.ppc64.rpm dnsmasq-utils-2.66-14.el7_2.2.ppc64.rpm
ppc64le: dnsmasq-debuginfo-2.66-14.el7_2.2.ppc64le.rpm dnsmasq-utils-2.66-14.el7_2.2.ppc64le.rpm
s390x: dnsmasq-debuginfo-2.66-14.el7_2.2.s390x.rpm dnsmasq-utils-2.66-14.el7_2.2.s390x.rpm
x86_64: dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm dnsmasq-utils-2.66-14.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.3):
ppc64: dnsmasq-debuginfo-2.66-21.el7_3.2.ppc64.rpm dnsmasq-utils-2.66-21.el7_3.2.ppc64.rpm
ppc64le: dnsmasq-debuginfo-2.66-21.el7_3.2.ppc64le.rpm dnsmasq-utils-2.66-21.el7_3.2.ppc64le.rpm
s390x: dnsmasq-debuginfo-2.66-21.el7_3.2.s390x.rpm dnsmasq-utils-2.66-21.el7_3.2.s390x.rpm
x86_64: dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm dnsmasq-utils-2.66-21.el7_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-14491 https://access.redhat.com/security/cve/CVE-2017-14492 https://access.redhat.com/security/cve/CVE-2017-14493 https://access.redhat.com/security/cve/CVE-2017-14494 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3199382
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZ0mgAXlSAg2UNWIIRAjO5AKCLm+Q/dlf8ARY5gQ34AkiIeWXCSwCdHYO/ 9aC3xN495X7ocyJg/PeZjNk= =cZi/ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201710-27
https://security.gentoo.org/
Severity: Normal Title: Dnsmasq: Multiple vulnerabilities Date: October 23, 2017 Bugs: #632692 ID: 201710-27
Synopsis
Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/dnsmasq < 2.78 >= 2.78
Description
Multiple vulnerabilities have been discovered in Dnsmasq.
Workaround
There is no known workaround at this time.
Resolution
All Dnsmasq users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.78"
References
[ 1 ] CVE-2017-14491 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491 [ 2 ] CVE-2017-14492 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492 [ 3 ] CVE-2017-14493 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493 [ 4 ] CVE-2017-14494 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494 [ 5 ] CVE-2017-14495 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495 [ 6 ] CVE-2017-14496 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201710-27
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1433",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "leap",
"scope": "eq",
"trust": 1.3,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.3,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "arubaos",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.1.0.4"
},
{
"model": "arubaos",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.3.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.17.8m"
},
{
"model": "linux for tegra",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "r21.6"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "scalance m-800",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "arubaos",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.2"
},
{
"model": "arubaos",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.18"
},
{
"model": "arubaos",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.3.1.25"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.17"
},
{
"model": "linux enterprise debuginfo",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "arubaos",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.1.9"
},
{
"model": "eos",
"scope": "lte",
"trust": 1.0,
"vendor": "arista",
"version": "4.15"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.04"
},
{
"model": "eos",
"scope": "lte",
"trust": 1.0,
"vendor": "arista",
"version": "4.18.4.2f"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "arubaos",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.1.0.0"
},
{
"model": "ruggedcom rm1224",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "arubaos",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.0"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "5.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "geforce experience",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "3.10.0.55"
},
{
"model": "router manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "1.1"
},
{
"model": "honor v9 play",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "jimmy-al00ac00b135"
},
{
"model": "dnsmasq",
"scope": "lte",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": "arubaos",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.16"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.1"
},
{
"model": "linux for tegra",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "r24.2.2"
},
{
"model": "arubaos",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.3.1"
},
{
"model": "geforce experience",
"scope": "gte",
"trust": 1.0,
"vendor": "nvidia",
"version": "3.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "arubaos",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.16"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.5.1.5"
},
{
"model": "scalance s615",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.16.13m"
},
{
"model": "arubaos",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.3.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "linux enterprise point of sale",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.9,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruckus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dnsmasq",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "red hat enterprise linux server",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "dnsmasq",
"scope": null,
"trust": 0.8,
"vendor": "thekelleys",
"version": null
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "-47.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "17.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.75"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.72"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.71"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.70"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.65"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.64"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.63"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.62"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.61"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.60"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.59"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.58"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.57"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.56"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.55"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.54"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.53"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.52"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.51"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.50"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.49"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.48"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.47"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.46"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.45"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.44"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.43"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.42"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.41"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.40"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.38"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.37"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.36"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.35"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.34"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.33"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.30"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.29"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.28"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.27"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.26"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.25"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.24"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.23"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.22"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.21"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.20"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.19"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.9"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.8"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.3"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.996"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.992"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.98"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.96"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.95"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server for arm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update suppor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.2"
},
{
"model": "enterprise linux server year extended upd",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux long life server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.10"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.4.4"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.3,
"vendor": "fedoraproject",
"version": "27"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-30",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "dnsmasq",
"scope": "ne",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.8"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.7"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.11"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-747"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team,Felix Wilhelm, Fermin J. Serna",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-747"
}
],
"trust": 0.6
},
"cve": "CVE-2017-14491",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-14491",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-14491",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14491",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-14491",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-14491",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-747",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-14491",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-747"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n===========================================================================\nUbuntu Security Notice USN-3430-3\nJanuary 04, 2018\n\ndnsmasq regression\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nUSN-3430-2 introduced regression in Dnsmasq. \n\nSoftware Description:\n- dnsmasq: Small caching DNS proxy and DHCP/TFTP server\n\nDetails:\n\nUSN-3430-2 fixed several vulnerabilities. The update introduced a new\nregression that breaks DNS resolution. This update addresses the\nproblem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. \n(CVE-2017-14491)\n\nFelix Wilhelm, Fermin J. (CVE-2017-14492)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 requests. \n(CVE-2017-14493)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 packets. (CVE-2017-14494)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. A remote\nattacker could use this issue to cause Dnsmasq to consume memory,\nresulting in a denial of service. (CVE-2017-14495)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14496)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n dnsmasq=C2=A02.59-4ubuntu0.4\n dnsmasq-base2.59-4ubuntu0.4\n dnsmasq-utils2.59-4ubuntu0.4\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: dnsmasq security update\nAdvisory ID: RHSA-2017:2837-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2837\nIssue date: 2017-10-02\nCVE Names: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 \n CVE-2017-14494 \n=====================================================================\n\n1. Summary:\n\nAn update for dnsmasq is now available for Red Hat Enterprise Linux 7.2\nExtended Update Support and Red Hat Enterprise Linux 7.3 Extended Update\nSupport. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.3) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.2) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.2) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name\nServer) forwarder and DHCP (Dynamic Host Configuration Protocol) server. \n\nSecurity Fix(es):\n\n* A heap buffer overflow was found in dnsmasq in the code responsible for\nbuilding DNS replies. \n(CVE-2017-14491)\n\n* A heap buffer overflow was discovered in dnsmasq in the IPv6 router\nadvertisement (RA) handling code. This issue only affected\nconfigurations using one of these options: enable-ra, ra-only, slaac,\nra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)\n\n* A stack buffer overflow was found in dnsmasq in the DHCPv6 code. (CVE-2017-14493)\n\n* An information leak was found in dnsmasq in the DHCPv6 relay code. An\nattacker on the local network could send crafted DHCPv6 packets to dnsmasq\ncausing it to forward the contents of process memory, potentially leaking\nsensitive data. (CVE-2017-14494)\n\nRed Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. \nSerna (Google Security Team), Gabriel Campana (Google Security Team), Kevin\nHamacher (Google Security Team), and Ron Bowes (Google Security Team) for\nreporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies\n1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code\n1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code\n1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code\n\n6. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.2):\n\nSource:\ndnsmasq-2.66-14.el7_2.2.src.rpm\n\nx86_64:\ndnsmasq-2.66-14.el7_2.2.x86_64.rpm\ndnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.3):\n\nSource:\ndnsmasq-2.66-21.el7_3.2.src.rpm\n\nx86_64:\ndnsmasq-2.66-21.el7_3.2.x86_64.rpm\ndnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2):\n\nx86_64:\ndnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm\ndnsmasq-utils-2.66-14.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):\n\nx86_64:\ndnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm\ndnsmasq-utils-2.66-21.el7_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\ndnsmasq-2.66-14.el7_2.2.src.rpm\n\nppc64:\ndnsmasq-2.66-14.el7_2.2.ppc64.rpm\ndnsmasq-debuginfo-2.66-14.el7_2.2.ppc64.rpm\n\nppc64le:\ndnsmasq-2.66-14.el7_2.2.ppc64le.rpm\ndnsmasq-debuginfo-2.66-14.el7_2.2.ppc64le.rpm\n\ns390x:\ndnsmasq-2.66-14.el7_2.2.s390x.rpm\ndnsmasq-debuginfo-2.66-14.el7_2.2.s390x.rpm\n\nx86_64:\ndnsmasq-2.66-14.el7_2.2.x86_64.rpm\ndnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\ndnsmasq-2.66-21.el7_3.2.src.rpm\n\nppc64:\ndnsmasq-2.66-21.el7_3.2.ppc64.rpm\ndnsmasq-debuginfo-2.66-21.el7_3.2.ppc64.rpm\n\nppc64le:\ndnsmasq-2.66-21.el7_3.2.ppc64le.rpm\ndnsmasq-debuginfo-2.66-21.el7_3.2.ppc64le.rpm\n\ns390x:\ndnsmasq-2.66-21.el7_3.2.s390x.rpm\ndnsmasq-debuginfo-2.66-21.el7_3.2.s390x.rpm\n\nx86_64:\ndnsmasq-2.66-21.el7_3.2.x86_64.rpm\ndnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.2):\n\nppc64:\ndnsmasq-debuginfo-2.66-14.el7_2.2.ppc64.rpm\ndnsmasq-utils-2.66-14.el7_2.2.ppc64.rpm\n\nppc64le:\ndnsmasq-debuginfo-2.66-14.el7_2.2.ppc64le.rpm\ndnsmasq-utils-2.66-14.el7_2.2.ppc64le.rpm\n\ns390x:\ndnsmasq-debuginfo-2.66-14.el7_2.2.s390x.rpm\ndnsmasq-utils-2.66-14.el7_2.2.s390x.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm\ndnsmasq-utils-2.66-14.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.3):\n\nppc64:\ndnsmasq-debuginfo-2.66-21.el7_3.2.ppc64.rpm\ndnsmasq-utils-2.66-21.el7_3.2.ppc64.rpm\n\nppc64le:\ndnsmasq-debuginfo-2.66-21.el7_3.2.ppc64le.rpm\ndnsmasq-utils-2.66-21.el7_3.2.ppc64le.rpm\n\ns390x:\ndnsmasq-debuginfo-2.66-21.el7_3.2.s390x.rpm\ndnsmasq-utils-2.66-21.el7_3.2.s390x.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm\ndnsmasq-utils-2.66-21.el7_3.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-14491\nhttps://access.redhat.com/security/cve/CVE-2017-14492\nhttps://access.redhat.com/security/cve/CVE-2017-14493\nhttps://access.redhat.com/security/cve/CVE-2017-14494\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/security/vulnerabilities/3199382\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZ0mgAXlSAg2UNWIIRAjO5AKCLm+Q/dlf8ARY5gQ34AkiIeWXCSwCdHYO/\n9aC3xN495X7ocyJg/PeZjNk=\n=cZi/\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201710-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Dnsmasq: Multiple vulnerabilities\n Date: October 23, 2017\n Bugs: #632692\n ID: 201710-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Dnsmasq, the worst of which\nmay allow remote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/dnsmasq \u003c 2.78 \u003e= 2.78 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Dnsmasq. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Dnsmasq users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/dnsmasq-2.78\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-14491\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491\n[ 2 ] CVE-2017-14492\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492\n[ 3 ] CVE-2017-14493\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493\n[ 4 ] CVE-2017-14494\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494\n[ 5 ] CVE-2017-14495\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495\n[ 6 ] CVE-2017-14496\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201710-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14491"
},
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144474"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144481"
},
{
"db": "PACKETSTORM",
"id": "144706"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42941",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14491"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14491",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#973527",
"trust": 3.6
},
{
"db": "BID",
"id": "101085",
"trust": 2.0
},
{
"db": "BID",
"id": "101977",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1039474",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-689071",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "144480",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "42941",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-332-01",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-24-074-07",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93453933",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93656033",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-747",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-14491",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144474",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144477",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144481",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144706",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144474"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144481"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-747"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"id": "VAR-201710-1433",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4630627775
},
"last_update_date": "2025-12-22T21:15:03.957000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple\u00a0Critical\u00a0and\u00a0Important\u00a0vulnerabilities",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/USN-3430-1/"
},
{
"title": "Dnsmasq Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92843"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172838 - Security Advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172841 - Security Advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172840 - Security Advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172839 - Security Advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172837 - Security Advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172836 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: dnsmasq: CVE-2017-13704: Size parameter overflow via large DNS query",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fa8aad66cae5df51d49e1cdce2fe4a42"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-14491"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3430-2"
},
{
"title": "Ubuntu Security Notice: dnsmasq regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3430-3"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3430-1"
},
{
"title": "Debian Security Advisories: DSA-3989-1 dnsmasq -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c18698ecfe74c7de381531f8ed44dcf"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=7f490a104360d6f65bee18ec7bfa18a3"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1251",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1251"
},
{
"title": "Arch Linux Advisories: [ASA-201710-1] dnsmasq: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201710-1"
},
{
"title": "Amazon Linux AMI: ALAS-2017-907",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-907"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=b1921e7bf61366a1d7f889a7cdefa932"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/suhaad79/aws-k8s-kops-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/calvinkkd/aws-k8s-kkd-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/simonelle/aws-k8s-kops-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/scholzj/aws-k8s-kops-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/bisiman2/aws-k8s-kops-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/honey336/-aws-k8s-kops-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible -1\naws-k8s-kops-ansible\naws-k8s-kops-ansible\naws-k8s-kops-ansible\naws-k8s-kops-ansible",
"trust": 0.1,
"url": "https://github.com/Andreadote/aws-k8s-kops-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/RavitejaAdepudi/KopsCluster "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/lorerunner/devops_kubenerates_aws "
},
{
"title": "Kaosagnt\u0027s Ansible Everyday Utils",
"trust": 0.1,
"url": "https://github.com/kaosagnt/ansible-everyday "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-747"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Heap-based buffer overflow (CWE-122) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"trust": 3.1,
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/101085"
},
{
"trust": 2.8,
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"trust": 2.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2837"
},
{
"trust": 2.0,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"trust": 2.0,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2017:2838"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/42941/"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2840"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-3430-1"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-3430-3"
},
{
"trust": 1.7,
"url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039474"
},
{
"trust": 1.7,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:2841"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:2839"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-3430-2"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"trust": 1.7,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/101977"
},
{
"trust": 1.7,
"url": "https://www.synology.com/support/security/synology_sa_17_59_dnsmasq"
},
{
"trust": 1.7,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-005.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"trust": 1.7,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"trust": 1.7,
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
},
{
"trust": 1.7,
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/144480/dnsmasq-2-byte-heap-based-overflow.html"
},
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
},
{
"trust": 1.7,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-332-01"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14491"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2017-14491"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commit%3bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5mmpcjoyppl4b5rby4u425pwg7eetdtd/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yxrz2w6tv6nlujc5nofbsg6pzsmdtypv/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527knn34rn2sb6mbjg7cksebwye3tjeb/"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14492"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14493"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14494"
},
{
"trust": 0.9,
"url": "http://www.thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14491.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14492.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14493.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14494.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14495.py"
},
{
"trust": 0.9,
"url": "https://github.com/kubernetes/kubernetes/blob/master/changelog.md"
},
{
"trust": 0.9,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2017\u0026m=slackware-security.601472"
},
{
"trust": 0.9,
"url": "https://source.android.com/security/bulletin/2017-10-01"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495410"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495411"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495412"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495415"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495416"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495510"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-13704"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14495"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14496"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14496.py"
},
{
"trust": 0.8,
"url": "https://www.ruckuswireless.com/security"
},
{
"trust": 0.8,
"url": "https://www.zyxel.com/support/announcement_dnsmasq_vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93453933/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93656033/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5mmpcjoyppl4b5rby4u425pwg7eetdtd/"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409bug1495409"
},
{
"trust": 0.6,
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/527knn34rn2sb6mbjg7cksebwye3tjeb/"
},
{
"trust": 0.6,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yxrz2w6tv6nlujc5nofbsg6pzsmdtypv/"
},
{
"trust": 0.6,
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-332-01"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409 bug 1495409"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14494"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14492"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14493"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14496"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14495"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/suhaad79/aws-k8s-kops-ansible"
},
{
"trust": 0.1,
"url": "https://github.com/scholzj/aws-k8s-kops-ansible"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1741262"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14495"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14491"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14496"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14494"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144474"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144481"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-747"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144474"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144481"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-747"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2017-10-04T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2018-01-04T17:50:40",
"db": "PACKETSTORM",
"id": "145652"
},
{
"date": "2017-10-02T08:55:00",
"db": "PACKETSTORM",
"id": "144474"
},
{
"date": "2017-10-02T11:11:00",
"db": "PACKETSTORM",
"id": "144477"
},
{
"date": "2017-10-03T05:18:12",
"db": "PACKETSTORM",
"id": "144481"
},
{
"date": "2017-10-23T13:54:05",
"db": "PACKETSTORM",
"id": "144706"
},
{
"date": "2017-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-747"
},
{
"date": "2017-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"date": "2017-10-04T01:29:02.870000",
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2022-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-747"
},
{
"date": "2024-03-22T07:54:00",
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-747"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dnsmasq contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-747"
}
],
"trust": 0.6
}
}
VAR-201809-1153
Vulnerability from variot - Updated: 2025-12-22 19:56The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. Linux Kernel is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. ========================================================================= Ubuntu Security Notice USN-3742-1 August 14, 2018
linux vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646)
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620)
Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. (CVE-2018-5391)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-3.13.0-155-generic 3.13.0-155.205 linux-image-3.13.0-155-generic-lpae 3.13.0-155.205 linux-image-3.13.0-155-lowlatency 3.13.0-155.205 linux-image-3.13.0-155-powerpc-e500 3.13.0-155.205 linux-image-3.13.0-155-powerpc-e500mc 3.13.0-155.205 linux-image-3.13.0-155-powerpc-smp 3.13.0-155.205 linux-image-3.13.0-155-powerpc64-emb 3.13.0-155.205 linux-image-3.13.0-155-powerpc64-smp 3.13.0-155.205 linux-image-generic 3.13.0.155.165 linux-image-generic-lpae 3.13.0.155.165 linux-image-lowlatency 3.13.0.155.165 linux-image-powerpc-e500 3.13.0.155.165 linux-image-powerpc-e500mc 3.13.0.155.165 linux-image-powerpc-smp 3.13.0.155.165 linux-image-powerpc64-emb 3.13.0.155.165 linux-image-powerpc64-smp 3.13.0.155.165
Please note that the recommended mitigation for CVE-2018-3646 involves updating processor microcode in addition to updating the kernel; however, the kernel includes a fallback for processors that have not received microcode updates.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
This is mitigated by reducing the default limits on memory usage
for incomplete fragmented packets. The same mitigation can be
achieved without the need to reboot, by setting the sysctls:
net.ipv4.ipfrag_high_thresh = 262144
net.ipv6.ip6frag_high_thresh = 262144
net.ipv4.ipfrag_low_thresh = 196608
net.ipv6.ip6frag_low_thresh = 196608
The default values may still be increased by local configuration
if necessary.
For the stable distribution (stretch), this problem has been fixed in version 4.9.110-3+deb9u2.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltzSylfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RaQQ//ZmbZqbqzS25ZDtEN7fJbInoznmfFiXHYCS9/GNEID3ODvPEn34omQ+Tj HJHroMWFsXROIaViHvJ2mZB3dpgv+ge1huvqXFTh+VrnQxvmdzzNy0UiDUH3B7jU BnbI7IS5x2dBC4cY+5vJ1fn0mWnvh/Bg9D+HEce3mmz9f/bTmXXiwPosyCM0KnzC R8aq73EU61A+IYJd+otICU6jZk+4IdgZRhW6q8F5OgHrnBryr0Xem8hSeL4Nkv3y aLX2Ca20eAgfeGo/SAHmG+FfJLR6dG8frz1k8HsKWNW16O8AC6lDbRC1+teK1e43 6GoIjfU9fBy3Cc35I1JQ85cfzfDLaETQ6IQ23o9SUP6qh8QKtUYDIU2sEDAThmrA IeoJsscGUvRMOx/XzuW8xN6rgbU+uNp8NIYXonZjy+U28dGp11obq3ka02railwj VEhm3YPIddeySofS0tZuBJ1XKL1/a5voLQ9GEBk+wq10DPdfYvSmIXxVR/FOfYy5 mLLTdtHINomfeihEI9AOWqq7w5bVIIidWB2a5FJiBZKWW1OdiNRHlD4hNMCR5xRv vK2PPXYcCxBuO4mdcnYydDcmrDvD22b6AhN1sm8FqUkWSXQbRoHNan95A8KbgZw0 Rk68oRCEFKcScB67ZhK2hUue7hZhkz52MlbS7pJgBPSuKrVsZtw= =WPm5 -----END PGP SIGNATURE----- . 7) - ppc64le
- Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Bug Fix(es):
These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article:
https://access.redhat.com/articles/3635371
-
(BZ#1615873)
-
After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the "__max_smt_threads()" function has been fixed. (BZ#1629634)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:3590-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3590 Issue date: 2018-11-13 CVE Names: CVE-2017-18344 CVE-2018-5391 CVE-2018-10675 CVE-2018-14634 =====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. (CVE-2018-5391)
-
kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)
-
kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)
-
kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634.
Bug Fix(es):
-
Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF) mitigation state on systems without Extended Page Tables (EPT) support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. As a result, the kernel no longer panics in the described scenario. (BZ#1629565)
-
Previously, a packet was missing the User Datagram Protocol (UDP) payload checksum during a full checksum computation, if the hardware checksum was not applied. As a consequence, a packet with an incorrect checksum was dropped by a peer. With this update, the kernel includes the UDP payload checksum during the full checksum computation. As a result, the checksum is computed correctly and the packet can be received by the peer. (BZ#1635792)
-
Previously, a transform lookup through the xfrm framework could be performed on an already transformed destination cache entry (dst_entry). When using User Datagram Protocol (UDP) over IPv6 with a connected socket in conjunction with Internet Protocol Security (IPsec) in Encapsulating Security Payload (ESP) transport mode. As a consequence, invalid IPv6 fragments transmitted from the host or the kernel occasionally terminated unexpectedly due to a socket buffer (SKB) underrun. With this update, the xfrm lookup on an already transformed dst_entry is not possible. As a result, using UDP iperf utility over IPv6 ESP no longer causes invalid IPv6 fragment transmissions or a kernel panic. (BZ#1639586)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact 1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) 1610958 - CVE-2017-18344 kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c 1624498 - CVE-2018-14634 kernel: Integer overflow in Linux's create_elf_tables function
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.2):
Source: kernel-3.10.0-327.76.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm
x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.2):
Source: kernel-3.10.0-327.76.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm
x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.2):
Source: kernel-3.10.0-327.76.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm
x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.2):
x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.2):
x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.2):
x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-18344 https://access.redhat.com/security/cve/CVE-2018-5391 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/cve/CVE-2018-14634 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3553061 https://access.redhat.com/security/vulnerabilities/mutagen-astronomy
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW+sPDtzjgjWX9erEAQhm3BAAhxwzb8zJTfl0zFY/r9KUzkAdLXY4w39X BgJrVPyl7f6krvQ17HE95Poqz/iUhMOZAweypQXHMRKkmfMTYiLHlKpdIusou2xy y1ZzB1uloI4j2zMdTDRP5yZz06r/NP5A05pLZDA02iR5b07ALLYb5hcL5oBnpQXp 9Xp31qb7TCP+jWtCO1Ot+9GJ3chMNvpYqH0OkGTpq/G7PxGrhIzB6v4p6N5OntD9 5CIebREaGBWn9ViWiUHcthgg+PN2iS2/5ST82g/Jss/WmVVZSiVbayob6/MNQPnb M29VHOmJ6pf5dERNpSqrJrBXeDYCMA6HHD+RT9SmiuQQ8gQ2Rzjy7K97Nn++6x7O nclOTmB7hQZtl0WhgC3xuwtslXGpe9jKSzql03ijTvJRQrczgVWiBS+tpfVAJprV ma2Kchf5ivctaXZ/R62JMyTvNf6HCVdvBNvSNET52ol3PkdpJK7V7mg+H64Mqdrl cBTUDBHHYYWMJted9pHWq7tPs0vy1h9aoFqNdlak5jwr169vldlZMRBbhtvz+OXj V/o+IClbY9UUfibaXDoX7qufeVikW1KQ4L+VhRj3RzXNsu2A8FUAcN7za5Qv5HIe LiC42C+pjvHqS/9gNpBakzKv6nPldWZIfPEuF4zewizBxlTXHPE1ln1hAWKjqVTs 6QJ1Zh7jeUY= =8JOQ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.3) - ppc64, ppc64le, x86_64
-
Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. Consequently, the node was not available. This update fixes an irq latency source in memory compaction. (BZ#1596281)
-
Previously, the kernel source code was missing support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems and the little-endian variants of IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported "Not affected" on both CPU architectures. This fix updates the kernel source code to properly report the SSBD status either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)" where TYPE is one of "eieio", "hwsync", "fallback", or "unknown". As a consequence, the VMs sometimes became unresponsive when booting. This update applies an upstream patch to avoid early microcode update when running under a hypervisor. (BZ#1618388)
4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1153",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.6,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.6,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.6,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.6,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip application security manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "big-ip domain name system",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip application security manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1803"
},
{
"model": "windows 7",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "simatic rf186ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "simatic rf188",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip domain name system",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip webaccelerator",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "simatic net cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip link controller",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "simatic net cp 1542sp-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "big-ip webaccelerator",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip link controller",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "sinema remote connect server",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "scalance m-800",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1709"
},
{
"model": "big-ip webaccelerator",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip application acceleration manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0.1"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip global traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1803"
},
{
"model": "big-ip access policy manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip application acceleration manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "big-ip access policy manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "kernel",
"scope": "lte",
"trust": 1.0,
"vendor": "linux",
"version": "4.18"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "simatic net cp 1543sp-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "big-ip edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "simatic rf188ci",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip webaccelerator",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip fraud protection service",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.9"
},
{
"model": "big-ip link controller",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip fraud protection service",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1709"
},
{
"model": "simatic net cp 1243-7 lte eu",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "scalance s615",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "big-ip edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "scalance w700 ieee 802.11a\\/b\\/g\\/n",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "big-ip link controller",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ruggedcom rox ii",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.13.3"
},
{
"model": "simatic net cp 1242-7",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "big-ip webaccelerator",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1607"
},
{
"model": "big-ip application security manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "ruggedcom rm1224",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "big-ip application security manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "windows rt 8.1",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "scalance sc-600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "big-ip domain name system",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "simatic net cp 1243-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "big-ip domain name system",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "big-ip global traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "simatic net cp 1243-7 lte us",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "simatic net cp 1542sp-1 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "big-ip analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip access policy manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1703"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip domain name system",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "simatic net cp 1243-8 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "scalance w1700 ieee 802.11ac",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "big-ip analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip link controller",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.4"
},
{
"model": "big-ip application security manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "arista",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.2"
},
{
"model": "pan-os",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.20"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.8"
},
{
"model": "extendible operating system 4.20.5f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.73"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.15"
},
{
"model": "extendible operating system 4.20.5.1f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.7"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.22"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.18"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17.11"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10"
},
{
"model": "kernel 3.9-rc3",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.17.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "extendible operating system 4.20.4f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.1"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17.1"
},
{
"model": "kernel 4.14-rc5",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.16"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.9"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.10"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "18030"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.18"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.22"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.23"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.11.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.14"
},
{
"model": "extendible operating system 4.20.4.1f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.7"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.37"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.54"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.43"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.73"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.13"
},
{
"model": "windows rt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.1"
},
{
"model": "windows server r2 for itanium-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.12"
},
{
"model": "pan-os",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.1.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.9"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.16.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.3"
},
{
"model": "kernel 3.9-rc8",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.1"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.44"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.49"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.4"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.20"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.17"
},
{
"model": "extendible operating system 4.21.0f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.1.2"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.12"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.27"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.10"
},
{
"model": "kernel 4.13-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "extendible operating system 4.20.7m",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.2"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.19"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.1.3"
},
{
"model": "windows server r2 for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.9"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.3"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.45"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.19.2"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.9"
},
{
"model": "extendible operating system 4.20.1f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.37"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.48"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.9.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.81"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.15.10"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.30"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.12"
},
{
"model": "kernel 4.14.0-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel 4.16-rc",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.22"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.6"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.8"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.4"
},
{
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.15.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.36"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.11"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.13"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.4"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20160"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.41"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.9"
},
{
"model": "extendible operating system 4.20.6f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "linux esm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.11"
},
{
"model": "extendible operating system 4.20.8m",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.8"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.17"
},
{
"model": "windows server for itanium-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "windows for 32-bit systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.3"
},
{
"model": "kernel 3.9-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.31"
},
{
"model": "windows for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.17.4"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.14"
},
{
"model": "kernel 4.12-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.3"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.10"
},
{
"model": "enterprise mrg",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.4"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.2"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.19"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.12"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.9"
},
{
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.79"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.1"
},
{
"model": "extendible operating system 4.20.2f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.9.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.6"
},
{
"model": "pan-os",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.7"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.5"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.3"
},
{
"model": "extendible operating system",
"scope": "eq",
"trust": 0.3,
"vendor": "arista",
"version": "0"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.12"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.0.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.22"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.45"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.7"
},
{
"model": "kernel 4.15-rc5",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.1"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.16.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.1"
},
{
"model": "extendible operating system 4.20.3f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.9"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.1.4"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.7"
},
{
"model": "extendible operating system 4.20.5.2f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.18"
},
{
"model": "pan-os",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.22"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.7"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.1.1"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "8.1"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "17090"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.20"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.36"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.19"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.8"
},
{
"model": "kernel 3.9-rc7",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.90"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.11.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.11.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.2"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.7"
},
{
"model": "extendible operating system 4.20.0f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.38"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.16.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.15.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.1"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "extendible operating system 4.20.2.1f",
"scope": null,
"trust": 0.3,
"vendor": "arista",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.17.6"
},
{
"model": "kernel 4.17-rc2",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.13.1"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.14.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.4"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.10"
},
{
"model": "kernel 4.16-rc6",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.40"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.17.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.18.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.16.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.31"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.12.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.10.26"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1.13"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.17"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.11"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1.10"
},
{
"model": "kernel 4.14-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel 4.16-rc7",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#641765"
},
{
"db": "BID",
"id": "105108"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "150068"
},
{
"db": "PACKETSTORM",
"id": "150057"
},
{
"db": "PACKETSTORM",
"id": "149726"
},
{
"db": "PACKETSTORM",
"id": "149832"
},
{
"db": "PACKETSTORM",
"id": "150315"
},
{
"db": "PACKETSTORM",
"id": "150314"
},
{
"db": "PACKETSTORM",
"id": "149546"
}
],
"trust": 0.7
},
"cve": "CVE-2018-5391",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-5391",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 7.8,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.6,
"exploitability": "UNPROVEN",
"exploitabilityScore": 10.0,
"id": "CVE-2018-5391",
"impactScore": 6.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "NOT DEFINED",
"reportConfidence": "NOT DEFINED",
"severity": "HIGH",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-135422",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-5391",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5391",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-5391",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-570",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-135422",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-5391",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#641765"
},
{
"db": "VULHUB",
"id": "VHN-135422"
},
{
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. Linux Kernel is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. =========================================================================\nUbuntu Security Notice USN-3742-1\nAugust 14, 2018\n\nlinux vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. This vulnerability is also known as L1 Terminal Fault (L1TF). A local\nattacker in a guest virtual machine could use this to expose sensitive\ninformation (memory from other guests or the host OS). (CVE-2018-3646)\n\nIt was discovered that memory present in the L1 data cache of an Intel CPU\ncore may be exposed to a malicious process that is executing on the CPU\ncore. This vulnerability is also known as L1 Terminal Fault (L1TF). A local\nattacker could use this to expose sensitive information (memory from the\nkernel or other processes). (CVE-2018-3620)\n\nAndrey Konovalov discovered an out-of-bounds read in the POSIX\ntimers subsystem in the Linux kernel. (CVE-2018-5391)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n linux-image-3.13.0-155-generic 3.13.0-155.205\n linux-image-3.13.0-155-generic-lpae 3.13.0-155.205\n linux-image-3.13.0-155-lowlatency 3.13.0-155.205\n linux-image-3.13.0-155-powerpc-e500 3.13.0-155.205\n linux-image-3.13.0-155-powerpc-e500mc 3.13.0-155.205\n linux-image-3.13.0-155-powerpc-smp 3.13.0-155.205\n linux-image-3.13.0-155-powerpc64-emb 3.13.0-155.205\n linux-image-3.13.0-155-powerpc64-smp 3.13.0-155.205\n linux-image-generic 3.13.0.155.165\n linux-image-generic-lpae 3.13.0.155.165\n linux-image-lowlatency 3.13.0.155.165\n linux-image-powerpc-e500 3.13.0.155.165\n linux-image-powerpc-e500mc 3.13.0.155.165\n linux-image-powerpc-smp 3.13.0.155.165\n linux-image-powerpc64-emb 3.13.0.155.165\n linux-image-powerpc64-smp 3.13.0.155.165\n\nPlease note that the recommended mitigation for CVE-2018-3646 involves\nupdating processor microcode in addition to updating the kernel;\nhowever, the kernel includes a fallback for processors that have not\nreceived microcode updates. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\n This is mitigated by reducing the default limits on memory usage\n for incomplete fragmented packets. The same mitigation can be\n achieved without the need to reboot, by setting the sysctls:\n\n net.ipv4.ipfrag_high_thresh = 262144\n net.ipv6.ip6frag_high_thresh = 262144\n net.ipv4.ipfrag_low_thresh = 196608\n net.ipv6.ip6frag_low_thresh = 196608\n\n The default values may still be increased by local configuration\n if necessary. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 4.9.110-3+deb9u2. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltzSylfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RaQQ//ZmbZqbqzS25ZDtEN7fJbInoznmfFiXHYCS9/GNEID3ODvPEn34omQ+Tj\nHJHroMWFsXROIaViHvJ2mZB3dpgv+ge1huvqXFTh+VrnQxvmdzzNy0UiDUH3B7jU\nBnbI7IS5x2dBC4cY+5vJ1fn0mWnvh/Bg9D+HEce3mmz9f/bTmXXiwPosyCM0KnzC\nR8aq73EU61A+IYJd+otICU6jZk+4IdgZRhW6q8F5OgHrnBryr0Xem8hSeL4Nkv3y\naLX2Ca20eAgfeGo/SAHmG+FfJLR6dG8frz1k8HsKWNW16O8AC6lDbRC1+teK1e43\n6GoIjfU9fBy3Cc35I1JQ85cfzfDLaETQ6IQ23o9SUP6qh8QKtUYDIU2sEDAThmrA\nIeoJsscGUvRMOx/XzuW8xN6rgbU+uNp8NIYXonZjy+U28dGp11obq3ka02railwj\nVEhm3YPIddeySofS0tZuBJ1XKL1/a5voLQ9GEBk+wq10DPdfYvSmIXxVR/FOfYy5\nmLLTdtHINomfeihEI9AOWqq7w5bVIIidWB2a5FJiBZKWW1OdiNRHlD4hNMCR5xRv\nvK2PPXYcCxBuO4mdcnYydDcmrDvD22b6AhN1sm8FqUkWSXQbRoHNan95A8KbgZw0\nRk68oRCEFKcScB67ZhK2hUue7hZhkz52MlbS7pJgBPSuKrVsZtw=\n=WPm5\n-----END PGP SIGNATURE-----\n. 7) - ppc64le\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of the bug fixes in this advisory. See the\ndescriptions in the related Knowledge Article:\n\nhttps://access.redhat.com/articles/3635371\n\n4. (BZ#1615873)\n\n* After updating the system to prevent the L1 Terminal Fault (L1TF)\nvulnerability, only one thread was detected on systems that offer\nprocessing of two threads on a single processor core. With this update, the\n\"__max_smt_threads()\" function has been fixed. (BZ#1629634)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: kernel security and bug fix update\nAdvisory ID: RHSA-2018:3590-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3590\nIssue date: 2018-11-13\nCVE Names: CVE-2017-18344 CVE-2018-5391 CVE-2018-10675 \n CVE-2018-14634 \n=====================================================================\n\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.2\nAdvanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.2 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.2) - noarch, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled\nreassembly of fragmented IPv4 and IPv6 packets. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in\nkernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS\nor other unspecified impact (CVE-2018-10675)\n\n* kernel: Integer overflow in Linux\u0027s create_elf_tables function\n(CVE-2018-14634)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department\nof Communications and Networking and Nokia Bell Labs) for reporting\nCVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634. \n\nBug Fix(es):\n\n* Previously, a kernel panic occurred when the kernel tried to make an out\nof bound access to the array that describes the L1 Terminal Fault (L1TF)\nmitigation state on systems without Extended Page Tables (EPT) support. \nThis update extends the array of mitigation states to cover all the states,\nwhich effectively prevents out of bound array access. Also, this update\nenables rejecting invalid, irrelevant values, that might be erroneously\nprovided by the userspace. As a result, the kernel no longer panics in the\ndescribed scenario. (BZ#1629565)\n\n* Previously, a packet was missing the User Datagram Protocol (UDP) payload\nchecksum during a full checksum computation, if the hardware checksum was\nnot applied. As a consequence, a packet with an incorrect checksum was\ndropped by a peer. With this update, the kernel includes the UDP payload\nchecksum during the full checksum computation. As a result, the checksum is\ncomputed correctly and the packet can be received by the peer. (BZ#1635792)\n\n* Previously, a transform lookup through the xfrm framework could be\nperformed on an already transformed destination cache entry (dst_entry). \nWhen using User Datagram Protocol (UDP) over IPv6 with a connected socket\nin conjunction with Internet Protocol Security (IPsec) in Encapsulating\nSecurity Payload (ESP) transport mode. As a consequence, invalid IPv6\nfragments transmitted from the host or the kernel occasionally terminated\nunexpectedly due to a socket buffer (SKB) underrun. With this update, the\nxfrm lookup on an already transformed dst_entry is not possible. As a\nresult, using UDP iperf utility over IPv6 ESP no longer causes invalid IPv6\nfragment transmissions or a kernel panic. (BZ#1639586)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact\n1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)\n1610958 - CVE-2017-18344 kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c\n1624498 - CVE-2018-14634 kernel: Integer overflow in Linux\u0027s create_elf_tables function\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.2):\n\nSource:\nkernel-3.10.0-327.76.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm\nkernel-doc-3.10.0-327.76.1.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-headers-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm\nperf-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.2):\n\nSource:\nkernel-3.10.0-327.76.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm\nkernel-doc-3.10.0-327.76.1.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-headers-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm\nperf-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.2):\n\nSource:\nkernel-3.10.0-327.76.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm\nkernel-doc-3.10.0-327.76.1.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-headers-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm\nperf-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.2):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.2):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-18344\nhttps://access.redhat.com/security/cve/CVE-2018-5391\nhttps://access.redhat.com/security/cve/CVE-2018-10675\nhttps://access.redhat.com/security/cve/CVE-2018-14634\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/3553061\nhttps://access.redhat.com/security/vulnerabilities/mutagen-astronomy\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW+sPDtzjgjWX9erEAQhm3BAAhxwzb8zJTfl0zFY/r9KUzkAdLXY4w39X\nBgJrVPyl7f6krvQ17HE95Poqz/iUhMOZAweypQXHMRKkmfMTYiLHlKpdIusou2xy\ny1ZzB1uloI4j2zMdTDRP5yZz06r/NP5A05pLZDA02iR5b07ALLYb5hcL5oBnpQXp\n9Xp31qb7TCP+jWtCO1Ot+9GJ3chMNvpYqH0OkGTpq/G7PxGrhIzB6v4p6N5OntD9\n5CIebREaGBWn9ViWiUHcthgg+PN2iS2/5ST82g/Jss/WmVVZSiVbayob6/MNQPnb\nM29VHOmJ6pf5dERNpSqrJrBXeDYCMA6HHD+RT9SmiuQQ8gQ2Rzjy7K97Nn++6x7O\nnclOTmB7hQZtl0WhgC3xuwtslXGpe9jKSzql03ijTvJRQrczgVWiBS+tpfVAJprV\nma2Kchf5ivctaXZ/R62JMyTvNf6HCVdvBNvSNET52ol3PkdpJK7V7mg+H64Mqdrl\ncBTUDBHHYYWMJted9pHWq7tPs0vy1h9aoFqNdlak5jwr169vldlZMRBbhtvz+OXj\nV/o+IClbY9UUfibaXDoX7qufeVikW1KQ4L+VhRj3RzXNsu2A8FUAcN7za5Qv5HIe\nLiC42C+pjvHqS/9gNpBakzKv6nPldWZIfPEuF4zewizBxlTXHPE1ln1hAWKjqVTs\n6QJ1Zh7jeUY=\n=8JOQ\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7.3) - ppc64, ppc64le, x86_64\n\n3. Maintaining the denial of service\ncondition requires continuous two-way TCP sessions to a reachable open\nport, thus the attacks cannot be performed using spoofed IP addresses. Consequently, the node was not available. This\nupdate fixes an irq latency source in memory compaction. \n(BZ#1596281)\n\n* Previously, the kernel source code was missing support to report the\nSpeculative Store Bypass Disable (SSBD) vulnerability status on IBM Power\nSystems and the little-endian variants of IBM Power Systems. As a\nconsequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass\nfile incorrectly reported \"Not affected\" on both CPU architectures. This\nfix updates the kernel source code to properly report the SSBD status\neither as \"Vulnerable\" or \"Mitigation: Kernel entry/exit barrier (TYPE)\"\nwhere TYPE is one of \"eieio\", \"hwsync\", \"fallback\", or \"unknown\". As a\nconsequence, the VMs sometimes became unresponsive when booting. This\nupdate applies an upstream patch to avoid early microcode update when\nrunning under a hypervisor. (BZ#1618388)\n\n4",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5391"
},
{
"db": "CERT/CC",
"id": "VU#641765"
},
{
"db": "BID",
"id": "105108"
},
{
"db": "VULHUB",
"id": "VHN-135422"
},
{
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"db": "PACKETSTORM",
"id": "148915"
},
{
"db": "PACKETSTORM",
"id": "148912"
},
{
"db": "PACKETSTORM",
"id": "148928"
},
{
"db": "PACKETSTORM",
"id": "150068"
},
{
"db": "PACKETSTORM",
"id": "150057"
},
{
"db": "PACKETSTORM",
"id": "149726"
},
{
"db": "PACKETSTORM",
"id": "149832"
},
{
"db": "PACKETSTORM",
"id": "150315"
},
{
"db": "PACKETSTORM",
"id": "150314"
},
{
"db": "PACKETSTORM",
"id": "148913"
},
{
"db": "PACKETSTORM",
"id": "149546"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5391",
"trust": 3.2
},
{
"db": "CERT/CC",
"id": "VU#641765",
"trust": 2.9
},
{
"db": "BID",
"id": "105108",
"trust": 2.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/06/28/2",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/07/06/4",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/07/06/3",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-377115",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1041476",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1041637",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0545",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0623",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0854",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1315",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0675",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-105-05",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "148928",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-135422",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-5391",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148915",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148912",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150068",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150057",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149726",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149832",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150314",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148913",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149546",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#641765"
},
{
"db": "VULHUB",
"id": "VHN-135422"
},
{
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"db": "BID",
"id": "105108"
},
{
"db": "PACKETSTORM",
"id": "148915"
},
{
"db": "PACKETSTORM",
"id": "148912"
},
{
"db": "PACKETSTORM",
"id": "148928"
},
{
"db": "PACKETSTORM",
"id": "150068"
},
{
"db": "PACKETSTORM",
"id": "150057"
},
{
"db": "PACKETSTORM",
"id": "149726"
},
{
"db": "PACKETSTORM",
"id": "149832"
},
{
"db": "PACKETSTORM",
"id": "150315"
},
{
"db": "PACKETSTORM",
"id": "150314"
},
{
"db": "PACKETSTORM",
"id": "148913"
},
{
"db": "PACKETSTORM",
"id": "149546"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"id": "VAR-201809-1153",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-135422"
}
],
"trust": 0.617889808
},
"last_update_date": "2025-12-22T19:56:45.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linux kernel Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=84156"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182846 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183459 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182785 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182925 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4272-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c4fc75c3940ecd62e6e3d43c90c1ead1"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182791 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182924 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183590 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183540 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182933 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel-rt security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183586 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201903-11] linux-hardened: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201903-11"
},
{
"title": "Ubuntu Security Notice: linux-hwe, linux-azure, linux-gcp vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3740-2"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5391)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0e5803196f7b186e3c0e200d43325ad6"
},
{
"title": "Red Hat: CVE-2018-5391",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-5391"
},
{
"title": "Cisco: Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting Cisco Products: August 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180824-linux-ip-fragment"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3740-1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2018-5391"
},
{
"title": "Ubuntu Security Notice: linux regressions",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3741-3"
},
{
"title": "Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3741-2"
},
{
"title": "IBM: IBM Security Bulletin: This Power System update is being released to address CVE-2018-5391",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c5babfeb02fdf3e145c777d8eb6dfd0f"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3741-1"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-5391)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cb5671de27781f97454cf1b56d2087e0"
},
{
"title": "IBM: IBM Security Bulletin: IBM MQ Appliance is affected by a kernel vulnerability (CVE-2018-5391)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4b24750b4f4494d02c26c4b32a0e107a"
},
{
"title": "Ubuntu Security Notice: linux-lts-trusty regressions",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3742-3"
},
{
"title": "Ubuntu Security Notice: linux-lts-trusty vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3742-2"
},
{
"title": "Ubuntu Security Notice: linux vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3742-1"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=d3eead9065d15844d9f0f319ebc3ef51"
},
{
"title": "Amazon Linux AMI: ALAS-2018-1058",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2018-1058"
},
{
"title": "Amazon Linux 2: ALAS2-2018-1058",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2018-1058"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=0944feb15e174ce784cc2c5c40d923ea"
},
{
"title": "Red Hat: Important: kernel-alt security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182948 - Security Advisory"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2018-5391 Information about FragmentSmack findings",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=3c616fb9e55ec6924cfd6ba2622c6c7e"
},
{
"title": "Red Hat: Important: kernel security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183083 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel-rt security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183096 - Security Advisory"
},
{
"title": "Symantec Security Advisories: Linux Kernel Aug 2017 - Sep 2018 Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=b3193a96468975c04eb9f136ca9abec4"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=75b9d198a73a91d81765c8b428423224"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=204a1aa9ebf7b5f47151e8b011269862"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=05b5bbd6fb289370b459faf1f4e3919d"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=9cb9a8ed428c6faca615e91d2f1a216d"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f5bb2b180c7c77e5a02747a1f31830d9"
},
{
"title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u2019s dependencies \u2013 Cumulative list from June 28, 2018 to December 13, 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61"
},
{
"title": "my_ref",
"trust": 0.1,
"url": "https://github.com/chetanshirke/my_ref "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ozipoetra/natvps-dns "
},
{
"title": "cve_diff_checker",
"trust": 0.1,
"url": "https://github.com/lcatro/cve_diff_checker "
},
{
"title": "SamsungReleaseNotes",
"trust": 0.1,
"url": "https://github.com/samreleasenotes/SamsungReleaseNotes "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/windows-systems-vulnerable-to-fragmentsmack-90s-like-dos-bug/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/linux/two-ddos-friendly-bugs-fixed-in-linux-kernel/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/over-80-cisco-products-affected-by-fragmentsmack-dos-bug/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135422"
},
{
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/105108"
},
{
"trust": 2.4,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"trust": 2.2,
"url": "https://www.kb.cert.org/vuls/id/641765"
},
{
"trust": 2.1,
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3740-1/"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3740-2/"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3741-1/"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3741-2/"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3742-1/"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3742-2/"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2785"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2846"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2925"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:3083"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:3096"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:3540"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:3590"
},
{
"trust": 1.8,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2018-004.txt"
},
{
"trust": 1.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20181003-0002/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2018/dsa-4272"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2791"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2924"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2933"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2948"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3459"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3586"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041476"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041637"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/5782-security-advisory-37"
},
{
"trust": 1.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180022"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k74374841?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5391"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2018-5391"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk134253"
},
{
"trust": 0.8,
"url": "https://security-tracker.debian.org/tracker/cve-2018-5391"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/articles/3553061https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-5391"
},
{
"trust": 0.8,
"url": "https://www.suse.com/security/cve/cve-2018-5391"
},
{
"trust": 0.8,
"url": "https://people.canonical.com/"
},
{
"trust": 0.8,
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-690"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k74374841?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190541-1.html"
},
{
"trust": 0.6,
"url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_security_mini_bulletin_xrx19ak_for_altalinkb80xx-c80xx.pdf"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10872368"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1315/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75930"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190123-01-linux-cn"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76246"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10792535"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76474"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180824-linux-ip-fragment"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-105-05"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77246"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-01-linux-cn"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-05"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18344"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/3553061"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2017-18344"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14634"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14634"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10675"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-10675"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609664"
},
{
"trust": 0.3,
"url": "http://www.kernel.org/"
},
{
"trust": 0.3,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/131"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2018-5142979.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3646"
},
{
"trust": 0.3,
"url": "https://wiki.ubuntu.com/securityteam/knowledgebase/l1tf"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3620"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/vulnerabilities/mutagen-astronomy"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5390"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/usn/usn-3740-1"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-13405"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-7740"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5803"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-18232"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5344"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1094"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18208"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10940"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17805"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10881"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1092"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1120"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13405"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18232"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000026"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1094"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-7757"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10940"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0861"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1118"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1130"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-10661"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-17805"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10879"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10902"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8830"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10883"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7740"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5848"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10322"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-4913"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10883"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1118"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5803"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10878"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10879"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10902"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1000026"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-0861"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-8781"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8830"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10322"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10881"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1092"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4913"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-18208"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1130"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10661"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1120"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10878"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5344"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k74374841?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/chetanshirke/my_ref"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3742-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/3.13.0-155.205"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1019.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1021.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1019.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1017.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1015.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1020.22"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-32.35"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/linux"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3635371"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3684891"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1017.18~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-32.35~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1021.21~16.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3740-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5390"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#641765"
},
{
"db": "VULHUB",
"id": "VHN-135422"
},
{
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"db": "BID",
"id": "105108"
},
{
"db": "PACKETSTORM",
"id": "148915"
},
{
"db": "PACKETSTORM",
"id": "148912"
},
{
"db": "PACKETSTORM",
"id": "148928"
},
{
"db": "PACKETSTORM",
"id": "150068"
},
{
"db": "PACKETSTORM",
"id": "150057"
},
{
"db": "PACKETSTORM",
"id": "149726"
},
{
"db": "PACKETSTORM",
"id": "149832"
},
{
"db": "PACKETSTORM",
"id": "150315"
},
{
"db": "PACKETSTORM",
"id": "150314"
},
{
"db": "PACKETSTORM",
"id": "148913"
},
{
"db": "PACKETSTORM",
"id": "149546"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#641765"
},
{
"db": "VULHUB",
"id": "VHN-135422"
},
{
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"db": "BID",
"id": "105108"
},
{
"db": "PACKETSTORM",
"id": "148915"
},
{
"db": "PACKETSTORM",
"id": "148912"
},
{
"db": "PACKETSTORM",
"id": "148928"
},
{
"db": "PACKETSTORM",
"id": "150068"
},
{
"db": "PACKETSTORM",
"id": "150057"
},
{
"db": "PACKETSTORM",
"id": "149726"
},
{
"db": "PACKETSTORM",
"id": "149832"
},
{
"db": "PACKETSTORM",
"id": "150315"
},
{
"db": "PACKETSTORM",
"id": "150314"
},
{
"db": "PACKETSTORM",
"id": "148913"
},
{
"db": "PACKETSTORM",
"id": "149546"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-14T00:00:00",
"db": "CERT/CC",
"id": "VU#641765"
},
{
"date": "2018-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-135422"
},
{
"date": "2018-09-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"date": "2018-08-14T00:00:00",
"db": "BID",
"id": "105108"
},
{
"date": "2018-08-15T04:42:52",
"db": "PACKETSTORM",
"id": "148915"
},
{
"date": "2018-08-15T04:42:35",
"db": "PACKETSTORM",
"id": "148912"
},
{
"date": "2018-08-14T22:22:00",
"db": "PACKETSTORM",
"id": "148928"
},
{
"date": "2018-10-31T01:11:41",
"db": "PACKETSTORM",
"id": "150068"
},
{
"date": "2018-10-31T01:00:50",
"db": "PACKETSTORM",
"id": "150057"
},
{
"date": "2018-10-09T17:02:09",
"db": "PACKETSTORM",
"id": "149726"
},
{
"date": "2018-10-17T15:42:22",
"db": "PACKETSTORM",
"id": "149832"
},
{
"date": "2018-11-14T01:33:23",
"db": "PACKETSTORM",
"id": "150315"
},
{
"date": "2018-11-14T01:33:01",
"db": "PACKETSTORM",
"id": "150314"
},
{
"date": "2018-08-15T04:42:40",
"db": "PACKETSTORM",
"id": "148913"
},
{
"date": "2018-09-25T23:02:55",
"db": "PACKETSTORM",
"id": "149546"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"date": "2018-09-06T21:29:00.363000",
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CERT/CC",
"id": "VU#641765"
},
{
"date": "2022-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-135422"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5391"
},
{
"date": "2019-02-15T14:00:00",
"db": "BID",
"id": "105108"
},
{
"date": "2022-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-570"
},
{
"date": "2024-11-21T04:08:43.897000",
"db": "NVD",
"id": "CVE-2018-5391"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "148928"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux kernel IP fragment re-assembly vulnerable to denial of service",
"sources": [
{
"db": "CERT/CC",
"id": "VU#641765"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-570"
}
],
"trust": 0.6
}
}
VAR-201705-3220
Vulnerability from variot - Updated: 2025-04-20 23:20Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. SIMATIC CP, SIMATIC RF600, SCALANCE W700, etc. are all industrial automation products from Siemens AG. A denial of service vulnerability exists in several industrial devices from Siemens. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), SIMATIC PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-400 PN/DP V7 incl. F (All versions), SIMATIC S7-CPU 410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet. Siemens SIMATIC S7-200 Smart, etc. Siemens SIMATIC S7-200 Smart is a programmable logic controller (PLC) used in small and medium-sized automation systems. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module used to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology). SIRIUS Motor starter M200D PROFINET is a motor starter. The following products and versions are affected: Siemens Extension Unit 12\" PROFINET prior to V01.01.01; Extension Unit 15\" PROFINET prior to V01.01.01; Extension Unit 19\" PROFINET prior to V01.01.01; Extension Unit 22\" PROFINET SIMATIC CP 1242-7 GPRS V2 prior to V2.1.82; SIMATIC CP 1243-7 LTE/US prior to V2.1.82; SIMATIC CP 1243-8 prior to V2.1.82; SIMATIC CP 1626 V1.1 previous version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3220",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic dk-16xx pn io",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf685r",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf650r",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf680r",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1543sp-1",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1542sp-1 irc",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1542sp-1",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr500",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "scalance s615",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "scalance m-800",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xm400",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w700",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics gm150",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics gh150",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic tdc cpu555",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.1"
},
{
"model": "simatic s7-1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "sinamics v90 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.01"
},
{
"model": "dk standard ethernet controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.1"
},
{
"model": "sinamics dcm",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.4"
},
{
"model": "simatic cp 1626",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "pn\\/pn coupler",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "sinamics dcm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.4"
},
{
"model": "ups1600 profinet",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2.0"
},
{
"model": "simatic cp 1542sp-1 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.15"
},
{
"model": "scalance m-800",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.03"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "sinamics gl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "ie\\/as-i link pn io",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 1543sp-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.15"
},
{
"model": "simatic teleservice adapter ie advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200s",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "extension unit 22 profinet",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "01.01.01"
},
{
"model": "simatic cp 343-1 lean",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1.3"
},
{
"model": "sinamics g110m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics gl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sirius act 3su1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.0"
},
{
"model": "ek-ertec 200 pn io",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.1"
},
{
"model": "sinamics g110m",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic dk-1616 pn io",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "simatic s7-300",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x300",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.0"
},
{
"model": "simatic cp 1243-1 dnp3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.1"
},
{
"model": "simatic cp 1542sp-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.15"
},
{
"model": "ek-ertec 200 pn io",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.1"
},
{
"model": "simatic cp 1243-7 lte\\/us",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.82"
},
{
"model": "simatic et 200sp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.0"
},
{
"model": "simatic rf685r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "scalance x408",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.0"
},
{
"model": "simatic tdc cp51m1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.8"
},
{
"model": "simatic cp 443-1 std",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.17"
},
{
"model": "sinumerik 840d sl",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "extension unit 19 profinet",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "01.01.01"
},
{
"model": "sinumerik 840d sl",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "ek-ertec 200p pn io",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.0"
},
{
"model": "sinamics g130",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s110 pn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "sirius motor starter m200d profinet",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200pro",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s615",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.03"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "extension unit 12 profinet",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "01.01.01"
},
{
"model": "ek-ertec 200p pn io",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.0"
},
{
"model": "sinamics sm120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simocode pro v profinet",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0.0"
},
{
"model": "simatic cp 443-1 opc-ua",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200mp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0.1"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "scalance x414",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.10.2"
},
{
"model": "scalance x200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.2"
},
{
"model": "simatic s7-1500 software controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "sinamics dcp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.2"
},
{
"model": "sinamics sl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics sm120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics s120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic cp 1242-7 gprs",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.82"
},
{
"model": "sinamics dcp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.2"
},
{
"model": "scalance w700",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "simatic teleservice adapter ie standard",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 1243-8",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.82"
},
{
"model": "simatic cp 343-1 std",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1.3"
},
{
"model": "simatic cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sirius soft starter 3rw44 pn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics gm150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic et 200m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cm 1542-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic cp 1243-1 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.82"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic et 200ecopn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic winac rtx",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "sinumerik 828d",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "sinamics g150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "extension unit 15 profinet",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "01.01.01"
},
{
"model": "simatic teleservice adapter ie basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinumerik 828d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "sinamics g120\\ w. pn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic hmi mobile panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic dk-1604 pn io",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "sinamics g120\\ w. pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic cp 1616",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "simatic s7-400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0.6"
},
{
"model": "softnet profinet io",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic rf680r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinamics s110 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "softnet profinet io",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "scalance xm400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "simatic hmi multi panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "ie\\/pb-link",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinamics s150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic cp 1243-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.82"
},
{
"model": "sitop psu8600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.2.0"
},
{
"model": "simatic s7-200 smart",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "simatic rf650r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic et 200al",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.2"
},
{
"model": "scalance x200 irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.4.0"
},
{
"model": "simotion",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "simatic cp 1604",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "simatic cp 443-1 adv",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.17"
},
{
"model": "sinamics gh150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simotion",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "simatic cp 1243-1 iec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 343-1 adv",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "dk standard ethernet controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.1"
},
{
"model": "dk standard ethernet controller",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ek-ertec 200 pn io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ek-ertec 200p pn io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ie/as-i link pn io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ie/pb-link",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pn/pn coupler",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x200 irt",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x300",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x408",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x414",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cm 1542-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1243-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1543-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1604",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1616",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 343-1 adv",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 343-1 lean",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 343-1 std",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1 adv",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1 opc-ua",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1 std",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200al",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200ecopn",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200m",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200mp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200pro",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200s",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200sp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi mobile panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi multi panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 software controller",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-200 smart",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-300",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie advanced",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie basic",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter standard modem",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic winac rtx 2010",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simocode pro v profinet",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simotion",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics dcm",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics dcp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g110m",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g120 w. pn",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g130",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g150",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s110 w. pn",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s120",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s150",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics v90 w. pn",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinumerik 828d",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinumerik 840d sl",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sirius act 3su1 interface module profinet",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sirius motor starter m200d profinet",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sirius soft starter 3rw44 pn",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sitop psu8600",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sitop ups1600 profinet",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "softnet profinet io",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "for pc-based windows systems firmware"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1616"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1604"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1543-1"
},
{
"model": "simatic cm",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1542-1"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1243-1"
},
{
"model": "simatic cp opc-ua",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "443-1"
},
{
"model": "simatic cp adv",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "443-1"
},
{
"model": "simatic cp std",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "443-1"
},
{
"model": "simatic cp std",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "343-1"
},
{
"model": "simatic cp lean",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "343-1"
},
{
"model": "simatic cp adv",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "343-1"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x408"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x414"
},
{
"model": "scalance irt",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x200"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x200"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x300"
},
{
"model": "simatic rf650r",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1 opc-ua",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cm 1542-1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1542sp-1 irc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1 adv",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 343-1 std",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1543-1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1543sp-1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1542sp-1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf680r",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "sinumerik 828d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "sinumerik 840d sl",
"version": "*"
},
{
"model": "ups1600 profinet",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "softnet profinet io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sitop psu8600",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sirius soft starter 3rw44 pn",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sirius act 3su1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinumerik 840d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinumerik 828d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinamics sm150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics sm120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7.5"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7.4"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics gl150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simotion",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "20100"
},
{
"model": "simatic teleservice adapter standard modem",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-400",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-300",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-200 smart",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-1500",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf685r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf680r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf650r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic et",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2000"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "443-10"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "343-10"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16260"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16160"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16040"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1543-12.0.28"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1543-10"
},
{
"model": "simatic cp 1542sp-1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic cp irc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1243-80"
},
{
"model": "simatic cp lte eu/us",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1243-70"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1243-10"
},
{
"model": "simatic cp gprs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1242-7v20"
},
{
"model": "scalance xr500",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance xm400",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x4140"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x4084.0"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x4083.0"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x3000"
},
{
"model": "scalance irt",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x2000"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x2000"
},
{
"model": "scalance w700 series",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "scalance w700 series",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.5.4"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance m-800",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.02"
},
{
"model": "scalance m-800",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ie/as-i link pn io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "extension unit profinet",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "22?0"
},
{
"model": "extension unit profinet",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "19?0"
},
{
"model": "extension unit profinet",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15?0"
},
{
"model": "extension unit profinet",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12?0"
},
{
"model": "e/pb-link",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinumerik 840d sl",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinumerik 828d",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics sm120 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics sl150 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics gm150 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics gl150 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics gh150 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic rf685r",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic rf680r",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.7"
},
{
"model": "simatic cp 1604d",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "simatic cp irc",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1243-82.1.82"
},
{
"model": "simatic cp lte eu/us",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1243-72.1.82"
},
{
"model": "simatic cp gprs",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1242-7v22.1.82"
},
{
"model": "simatic rf650r",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "443-13.2.17"
},
{
"model": "simatic cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15431.2.1"
},
{
"model": "simatic cm1542",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1.2"
},
{
"model": "scalance w700",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "extension unit profinet",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "22?1.1.1"
},
{
"model": "extension unit profinet",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "19?1.1.1"
},
{
"model": "extension unit profinet",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15?1.1.1"
},
{
"model": "extension unit profinet",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "12?1.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 343 1 std",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1542sp 1 irc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1543sp 1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1543 1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf650r",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf680r",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf685r",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1616",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1604",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic dk 16xx pn io",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 343 1 lean",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x200 irt",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x300",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x408",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x414",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance xm400",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance xr500",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance w700",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance m 800",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance s615",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "softnet profinet io",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 343 1 adv",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ie pb link",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ie as i link pn io",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter standard modem",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie basic modem",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie advanced modem",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitop psu8600",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ups1600 profinet",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200al",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200ecopn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 443 1 std",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200mp",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200pro",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200s",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200sp",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pn pn coupler",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dk standard ethernet controller",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200p pn io",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200 pn io",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 200 smart",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 443 1 adv",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 controller",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sirius act 3su1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sirius soft starter 3rw44 pn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sirius motor starter m200d profinet",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simocode pro v profinet",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcm",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 443 1 opc ua",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcp",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g110m",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g120 c p d w pn",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g130",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s110 w pn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics v90 w pn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simotion",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1243 1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi multi panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi mobile panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cm 1542 1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1542sp 1",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
},
{
"db": "CNVD",
"id": "CNVD-2017-06151"
},
{
"db": "BID",
"id": "98369"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004134"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-574"
},
{
"db": "NVD",
"id": "CVE-2017-2680"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:dk_standard_ethernet_controller_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ek-ertec_200_pn_io_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ek-ertec_200p_pn_io_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ie%2Fpb-link_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ie%2Fas-i_link_pn_io_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:pn%2Fpn_coupler_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_m-800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_s615_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_w700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x200irt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x408_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x414_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_xm400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_xr500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cm_1542-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1243-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1542sp-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1543-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1543sp-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1604_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1616_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_lean_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_adv_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_std_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_adv_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_std_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_opc-ua_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_dk-16xx_pn_io_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200al_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200ecopn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200mp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200sp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_mobile_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_multi_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_rf650r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_rf680r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_rf685r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_software_controller_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-200_smart_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_teleservice_adapter_ie_advanced_modem_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_teleservice_adapter_ie_basic_modem_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_teleservice_adapter_standard_modem_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_winac_rtx_2010_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simocode_pro_v_profinet_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simotion_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_dcm_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_dcp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_g110m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_g120%28c%2Fp%2Fd%29_w._pn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_g130_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_g150_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics__s110_w._pn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_s120_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_s150_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_v90_w._pn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sirius_act_3su1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sirius_motor_starter_m200d_profinet_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sirius_soft_starter_3rw44_pn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sitop_psu8600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ups1600_profinet_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:softnet_profinet_io_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004134"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team.",
"sources": [
{
"db": "BID",
"id": "98369"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2680",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2017-2680",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-06151",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-110883",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2017-2680",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2680",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2680",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2017-2680",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2017-2680",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-06151",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-574",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110883",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
},
{
"db": "CNVD",
"id": "CNVD-2017-06151"
},
{
"db": "VULHUB",
"id": "VHN-110883"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004134"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-574"
},
{
"db": "NVD",
"id": "CVE-2017-2680"
},
{
"db": "NVD",
"id": "CVE-2017-2680"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. SIMATIC CP, SIMATIC RF600, SCALANCE W700, etc. are all industrial automation products from Siemens AG. A denial of service vulnerability exists in several industrial devices from Siemens. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), SIMATIC PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-400 PN/DP V7 incl. F (All versions), SIMATIC S7-CPU 410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet. Siemens SIMATIC S7-200 Smart, etc. Siemens SIMATIC S7-200 Smart is a programmable logic controller (PLC) used in small and medium-sized automation systems. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module used to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology). SIRIUS Motor starter M200D PROFINET is a motor starter. The following products and versions are affected: Siemens Extension Unit 12\\\" PROFINET prior to V01.01.01; Extension Unit 15\\\" PROFINET prior to V01.01.01; Extension Unit 19\\\" PROFINET prior to V01.01.01; Extension Unit 22\\\" PROFINET SIMATIC CP 1242-7 GPRS V2 prior to V2.1.82; SIMATIC CP 1243-7 LTE/US prior to V2.1.82; SIMATIC CP 1243-8 prior to V2.1.82; SIMATIC CP 1626 V1.1 previous version",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2680"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004134"
},
{
"db": "CNVD",
"id": "CNVD-2017-06151"
},
{
"db": "BID",
"id": "98369"
},
{
"db": "IVD",
"id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
},
{
"db": "VULHUB",
"id": "VHN-110883"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2680",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-023-02",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-293562",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-284673",
"trust": 2.0
},
{
"db": "BID",
"id": "98369",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-546832",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1038463",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-129-02",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201705-574",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-06151",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-18-128-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004134",
"trust": 0.8
},
{
"db": "IVD",
"id": "296C9514-B30D-4FA5-BCDC-9D8B2E9620C4",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-99023",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-110883",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
},
{
"db": "CNVD",
"id": "CNVD-2017-06151"
},
{
"db": "VULHUB",
"id": "VHN-110883"
},
{
"db": "BID",
"id": "98369"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004134"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-574"
},
{
"db": "NVD",
"id": "CVE-2017-2680"
}
]
},
"id": "VAR-201705-3220",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
},
{
"db": "CNVD",
"id": "CNVD-2017-06151"
},
{
"db": "VULHUB",
"id": "VHN-110883"
}
],
"trust": 1.5467968472
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
},
{
"db": "CNVD",
"id": "CNVD-2017-06151"
}
]
},
"last_update_date": "2025-04-20T23:20:01.379000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-293562",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
},
{
"title": "Patch for a number of Siemens products with a denial of service vulnerability (CNVD-2017-06151)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/93364"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70052"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06151"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004134"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-574"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110883"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004134"
},
{
"db": "NVD",
"id": "CVE-2017-2680"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-023-02"
},
{
"trust": 2.0,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/98369"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038463"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-129-02"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-546832.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-284673.html"
},
{
"trust": 0.9,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2680"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-128-01"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2680"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-129-02"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06151"
},
{
"db": "VULHUB",
"id": "VHN-110883"
},
{
"db": "BID",
"id": "98369"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004134"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-574"
},
{
"db": "NVD",
"id": "CVE-2017-2680"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
},
{
"db": "CNVD",
"id": "CNVD-2017-06151"
},
{
"db": "VULHUB",
"id": "VHN-110883"
},
{
"db": "BID",
"id": "98369"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004134"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-574"
},
{
"db": "NVD",
"id": "CVE-2017-2680"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-09T00:00:00",
"db": "IVD",
"id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
},
{
"date": "2017-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06151"
},
{
"date": "2017-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-110883"
},
{
"date": "2017-05-08T00:00:00",
"db": "BID",
"id": "98369"
},
{
"date": "2017-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004134"
},
{
"date": "2017-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-574"
},
{
"date": "2017-05-11T01:29:05.400000",
"db": "NVD",
"id": "CVE-2017-2680"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06151"
},
{
"date": "2020-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-110883"
},
{
"date": "2018-05-09T14:00:00",
"db": "BID",
"id": "98369"
},
{
"date": "2018-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004134"
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-574"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2680"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-574"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004134"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-574"
}
],
"trust": 0.6
}
}
VAR-201705-3221
Vulnerability from variot - Updated: 2025-04-20 23:20Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. SIMATIC HMI is an industrial device from Siemens AG, Germany. The SIMATIC HMI panels are used for operator control and monitoring of machines and equipment. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. A vulnerability has been identified in SIMATIC CP 343-1 Std (All versions), SIMATIC CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std (All versions < V3.2.17), SIMATIC CP 443-1 Adv (All versions < V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions < V2.1.82), SIMATIC CP 1243-1 IRC (All versions < V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions < V2.0), SIMATIC CM 1542SP-1 (All versions < V1.0.15), SIMATIC CP 1542SP-1 IRC (All versions < V1.0.15), SIMATIC CP 1543SP-1 (All versions < V1.0.15), SIMATIC CP 1543-1 (All versions < V2.1), SIMATIC RF650R (All versions < V3.0), SIMATIC RF680R (All versions < V3.0), SIMATIC RF685R (All versions < V3.0), SIMATIC CP 1616 (All versions < V2.7), SIMATIC CP 1604 (All versions < V2.7), SIMATIC DK-16xx PN IO (All versions < V2.7), SCALANCE X-200 (All versions < V5.2.2), SCALANCE X-200 IRT (All versions), SCALANCE X-300/X408 (All versions < V4.1.0), SCALANCE X414 (All versions < V3.10.2), SCALANCE XM400 (All versions < V6.1), SCALANCE XR500 (All versions < V6.1), SCALANCE W700 (All versions < V6.1), SCALANCE M-800, S615 (All versions < V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions < V14 SP1), IE/PB-Link (All versions < V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions < V1.2.0), SITOP UPS1600 PROFINET (All versions < V2.2.0), SIMATIC ET 200AL (All versions < V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.1), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions < V4.1.0), SIMATIC ET 200SP (except IM155-6 PN ST) (All versions), SIMATIC PN/PN Coupler (All versions < V4.0), Development/Evaluation Kit DK Standard Ethernet Controller (All versions < V4.1.1 Patch04), Development/Evaluation Kit EK-ERTEC 200P (All versions < V4.4.0 Patch01), Development/Evaluation Kit EK-ERTEC 200 (All versions < V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions < V2.3), SIMATIC S7-300 incl. F and T (All versions < V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.6), SIMATIC S7-400-H V6 (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions < V7.0.2), SIMATIC S7-410 (All versions < V8.2), SIMATIC S7-1200 incl. F (All versions < V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions < V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions < V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions), SIRIUS Motor Starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions < V2.0.0), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF5), SINAMICS DCP w. PN (All versions < V1.2 HF 1), SINAMICS G110M w. PN (All versions < V4.7 SP6 HF3), SINAMICS G120(C/P/D) w. PN (All versions < V4.7 SP6 HF3), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF27), SINAMICS G150 V4.7 w. PN (V4.7: All versions < V4.7 HF27), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF5), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF27), and others. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. Siemens SIMATIC S7-300 F, etc. Siemens SIMATIC S7-300 F is a process controller. SIMATIC HMI Comfort Panels are touch screens
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3221",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinumerik 840d sl",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinumerik 840d sl",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "sinumerik 828d",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinumerik 828d",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi mobile panels",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic tdc cpu555",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.1"
},
{
"model": "sinamics g120\\ pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic s7-1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "sinamics v90 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.01"
},
{
"model": "dk standard ethernet controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.1"
},
{
"model": "sinamics dcm",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.4"
},
{
"model": "pn\\/pn coupler",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "sinamics dcm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.4"
},
{
"model": "ups1600 profinet",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2.0"
},
{
"model": "simatic cp 1542sp-1 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.15"
},
{
"model": "simatic teleservice adapter ie basic modem",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance m-800",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.03"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "ie\\/as-i link pn io",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 1543sp-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.15"
},
{
"model": "simatic et 200s",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 343-1 lean",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1.3"
},
{
"model": "simatic teleservice adapter ie advanced modem",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics g110m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sirius act 3su1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.0"
},
{
"model": "ek-ertec 200 pn io",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.1"
},
{
"model": "sinamics g110m",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic teleservice adapter standard modem",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x300",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.0"
},
{
"model": "simatic cp 1243-1 dnp3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.1"
},
{
"model": "ek-ertec 200 pn io",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.1"
},
{
"model": "simatic rf685r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "scalance x408",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.0"
},
{
"model": "simatic tdc cp51m1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.8"
},
{
"model": "simatic cp 443-1 std",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.17"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic cm 1542sp-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.15"
},
{
"model": "sinumerik 840d sl",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "ek-ertec 200p pn io",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.0"
},
{
"model": "sinamics g130",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sirius motor starter m200d profinet",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200pro",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s615",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.03"
},
{
"model": "ek-ertec 200p pn io",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.0"
},
{
"model": "simocode pro v profinet",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0.0"
},
{
"model": "simatic cp 443-1 opc-ua",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200mp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0.1"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "scalance x414",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.10.2"
},
{
"model": "scalance x200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.2"
},
{
"model": "sinamics dcp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.2"
},
{
"model": "sinamics s120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics dcp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.2"
},
{
"model": "scalance w700",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "simatic cp 343-1 std",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1.3"
},
{
"model": "simatic cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.15"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic dk-16xx pn io",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "sirius soft starter 3rw44 pn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200sp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.0"
},
{
"model": "simatic et 200m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cm 1542-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic cp 1543sp-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "sinumerik 840d sl",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic cp 1243-1 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.82"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic et 200ecopn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic winac rtx",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic s7-1500 software controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "sinamics g150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinumerik 828d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "simatic hmi mobile panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic cp 1616",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "simatic s7-400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0.6"
},
{
"model": "softnet profinet io",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic rf680r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "softnet profinet io",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "scalance xm400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "sinamics s110 pn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "simatic hmi multi panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "ie\\/pb-link",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinamics s150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic cp 1243-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.82"
},
{
"model": "sitop psu8600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.2.0"
},
{
"model": "sinamics s110 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "simatic s7-200 smart",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "simatic rf650r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic et 200al",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.2"
},
{
"model": "scalance x200 irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.4.0"
},
{
"model": "simotion",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "simatic cp 1604",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "simatic cp 443-1 adv",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.17"
},
{
"model": "simatic s7-300",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinumerik 828d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simotion",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "simatic cp 1243-1 iec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 343-1 adv",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "dk standard ethernet controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.1"
},
{
"model": "dk standard ethernet controller",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ek-ertec 200 pn io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ek-ertec 200p pn io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ie/as-i link pn io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ie/pb-link",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pn/pn coupler",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance m-800",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance s615",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w700",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x200 irt",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x300",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x408",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x414",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xm400",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr500",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cm 1542-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1243-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1542sp-1 irc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1542sp-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1543-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1543sp-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1604",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1616",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 343-1 adv",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 343-1 lean",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 343-1 std",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1 adv",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1 opc-ua",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1 std",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic dk-16xx pn io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200al",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200ecopn",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200m",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200mp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200pro",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200s",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200sp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi multi panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf650r",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf680r",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf685r",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 software controller",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-200 smart",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-300",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie advanced",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie basic",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter standard modem",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic winac rtx 2010",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simocode pro v profinet",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simotion",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics dcm",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics dcp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g110m",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g120 w. pn",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g130",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g150",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s110 w. pn",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s120",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s150",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics v90 w. pn",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinumerik 828d",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinumerik 840d sl",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sirius act 3su1 interface module profinet",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sirius motor starter m200d profinet",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sirius soft starter 3rw44 pn",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sitop psu8600",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sitop ups1600 profinet",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "softnet profinet io",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "for pc-based windows systems firmware"
},
{
"model": "simatic hmi multi panels",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic hmi mobile panels",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s110 w. pn",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "sinumerik 828d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "sinumerik 840d sl",
"version": "*"
},
{
"model": "ups1600 profinet",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "softnet profinet io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sitop psu8600",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sirius soft starter 3rw44 pn",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sirius act 3su1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinumerik 840d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinumerik 828d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinamics sm150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics sm120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7.5"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7.4"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics gm150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics gl150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics gh150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simotion",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "20100"
},
{
"model": "simatic teleservice adapter standard modem",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-400",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-300",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-200 smart",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-1500",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf685r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf680r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf650r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic et",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2000"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "443-10"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "343-10"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16260"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16160"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16040"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1543-12.0.28"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1543-10"
},
{
"model": "simatic cp 1542sp-1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic cp irc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1243-80"
},
{
"model": "simatic cp lte eu/us",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1243-70"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1243-10"
},
{
"model": "simatic cp gprs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1242-7v20"
},
{
"model": "scalance xr500",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance xm400",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x4140"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x4084.0"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x4083.0"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x3000"
},
{
"model": "scalance irt",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x2000"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x2000"
},
{
"model": "scalance w700 series",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "scalance w700 series",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.5.4"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance m-800",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.02"
},
{
"model": "scalance m-800",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ie/as-i link pn io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "extension unit profinet",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "22?0"
},
{
"model": "extension unit profinet",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "19?0"
},
{
"model": "extension unit profinet",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15?0"
},
{
"model": "extension unit profinet",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12?0"
},
{
"model": "e/pb-link",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinumerik 840d sl",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinumerik 828d",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics sm120 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics sl150 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics gm150 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics gl150 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics gh150 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic rf685r",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic rf680r",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.7"
},
{
"model": "simatic cp 1604d",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "simatic cp irc",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1243-82.1.82"
},
{
"model": "simatic cp lte eu/us",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1243-72.1.82"
},
{
"model": "simatic cp gprs",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1242-7v22.1.82"
},
{
"model": "simatic rf650r",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "443-13.2.17"
},
{
"model": "simatic cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15431.2.1"
},
{
"model": "simatic cm1542",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1.2"
},
{
"model": "scalance w700",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "extension unit profinet",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "22?1.1.1"
},
{
"model": "extension unit profinet",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "19?1.1.1"
},
{
"model": "extension unit profinet",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15?1.1.1"
},
{
"model": "extension unit profinet",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "12?1.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 343 1 std",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1542sp 1 irc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1543sp 1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1543 1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf650r",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf680r",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf685r",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1616",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1604",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic dk 16xx pn io",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 343 1 lean",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x200 irt",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x300",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x408",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x414",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance xm400",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance xr500",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance w700",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance m 800",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance s615",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "softnet profinet io",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 343 1 adv",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ie pb link",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ie as i link pn io",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter standard modem",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie basic modem",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie advanced modem",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitop psu8600",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ups1600 profinet",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200al",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200ecopn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 443 1 std",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200mp",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200pro",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200s",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200sp",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pn pn coupler",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dk standard ethernet controller",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200p pn io",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200 pn io",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 200 smart",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 443 1 adv",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 controller",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sirius act 3su1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sirius soft starter 3rw44 pn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sirius motor starter m200d profinet",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simocode pro v profinet",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcm",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 443 1 opc ua",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcp",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g110m",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g120 c p d w pn",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g130",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s110 w pn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics v90 w pn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simotion",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1243 1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi multi panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi mobile panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cm 1542 1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1542sp 1",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "33467505-7492-4ae1-b978-12f61201709a"
},
{
"db": "CNVD",
"id": "CNVD-2017-06153"
},
{
"db": "BID",
"id": "98369"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004135"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-639"
},
{
"db": "NVD",
"id": "CVE-2017-2681"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:dk_standard_ethernet_controller_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ek-ertec_200_pn_io_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ek-ertec_200p_pn_io_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ie%2Fpb-link_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ie%2Fas-i_link_pn_io_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:pn%2Fpn_coupler_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_m-800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_s615_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_w700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x200irt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x408_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x414_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_xm400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_xr500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cm_1542-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1243-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1542sp-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1543-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1543sp-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1604_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1616_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_lean_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_adv_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_std_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_adv_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_std_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_opc-ua_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_dk-16xx_pn_io_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200al_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200ecopn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200mp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200sp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_mobile_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_multi_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_rf650r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_rf680r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_rf685r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_software_controller_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-200_smart_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_teleservice_adapter_ie_advanced_modem_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_teleservice_adapter_ie_basic_modem_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_teleservice_adapter_standard_modem_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_winac_rtx_2010_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simocode_pro_v_profinet_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simotion_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_dcm_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_dcp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_g110m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_g120%28c%2Fp%2Fd%29_w._pn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_g130_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_g150_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics__s110_w._pn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_s120_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_s150_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_v90_w._pn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sirius_act_3su1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sirius_motor_starter_m200d_profinet_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sirius_soft_starter_3rw44_pn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sitop_psu8600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ups1600_profinet_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:softnet_profinet_io_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004135"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team.",
"sources": [
{
"db": "BID",
"id": "98369"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2681",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2017-2681",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-06153",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "33467505-7492-4ae1-b978-12f61201709a",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-110884",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2017-2681",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2681",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2681",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2017-2681",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2017-2681",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-06153",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-639",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "33467505-7492-4ae1-b978-12f61201709a",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110884",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "33467505-7492-4ae1-b978-12f61201709a"
},
{
"db": "CNVD",
"id": "CNVD-2017-06153"
},
{
"db": "VULHUB",
"id": "VHN-110884"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004135"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-639"
},
{
"db": "NVD",
"id": "CVE-2017-2681"
},
{
"db": "NVD",
"id": "CVE-2017-2681"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. SIMATIC HMI is an industrial device from Siemens AG, Germany. The SIMATIC HMI panels are used for operator control and monitoring of machines and equipment. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. A vulnerability has been identified in SIMATIC CP 343-1 Std (All versions), SIMATIC CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std (All versions \u003c V3.2.17), SIMATIC CP 443-1 Adv (All versions \u003c V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions \u003c V2.1.82), SIMATIC CP 1243-1 IRC (All versions \u003c V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions \u003c V2.0), SIMATIC CM 1542SP-1 (All versions \u003c V1.0.15), SIMATIC CP 1542SP-1 IRC (All versions \u003c V1.0.15), SIMATIC CP 1543SP-1 (All versions \u003c V1.0.15), SIMATIC CP 1543-1 (All versions \u003c V2.1), SIMATIC RF650R (All versions \u003c V3.0), SIMATIC RF680R (All versions \u003c V3.0), SIMATIC RF685R (All versions \u003c V3.0), SIMATIC CP 1616 (All versions \u003c V2.7), SIMATIC CP 1604 (All versions \u003c V2.7), SIMATIC DK-16xx PN IO (All versions \u003c V2.7), SCALANCE X-200 (All versions \u003c V5.2.2), SCALANCE X-200 IRT (All versions), SCALANCE X-300/X408 (All versions \u003c V4.1.0), SCALANCE X414 (All versions \u003c V3.10.2), SCALANCE XM400 (All versions \u003c V6.1), SCALANCE XR500 (All versions \u003c V6.1), SCALANCE W700 (All versions \u003c V6.1), SCALANCE M-800, S615 (All versions \u003c V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions \u003c V14 SP1), IE/PB-Link (All versions \u003c V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions \u003c V1.2.0), SITOP UPS1600 PROFINET (All versions \u003c V2.2.0), SIMATIC ET 200AL (All versions \u003c V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions \u003c V4.0.1), SIMATIC ET 200MP IM155-5 PN ST (All versions \u003c V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions \u003c V4.1.0), SIMATIC ET 200SP (except IM155-6 PN ST) (All versions), SIMATIC PN/PN Coupler (All versions \u003c V4.0), Development/Evaluation Kit DK Standard Ethernet Controller (All versions \u003c V4.1.1 Patch04), Development/Evaluation Kit EK-ERTEC 200P (All versions \u003c V4.4.0 Patch01), Development/Evaluation Kit EK-ERTEC 200 (All versions \u003c V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions \u003c V2.3), SIMATIC S7-300 incl. F and T (All versions \u003c V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions \u003c V6.0.6), SIMATIC S7-400-H V6 (All versions \u003c V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions \u003c V7.0.2), SIMATIC S7-410 (All versions \u003c V8.2), SIMATIC S7-1200 incl. F (All versions \u003c V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions \u003c V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions \u003c V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions), SIRIUS Motor Starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions \u003c V2.0.0), SINAMICS DCM w. PN (All versions \u003c V1.4 SP1 HF5), SINAMICS DCP w. PN (All versions \u003c V1.2 HF 1), SINAMICS G110M w. PN (All versions \u003c V4.7 SP6 HF3), SINAMICS G120(C/P/D) w. PN (All versions \u003c V4.7 SP6 HF3), SINAMICS G130 V4.7 w. PN (All versions \u003c V4.7 HF27), SINAMICS G150 V4.7 w. PN (V4.7: All versions \u003c V4.7 HF27), SINAMICS G130 V4.8 w. PN (All versions \u003c V4.8 HF4), SINAMICS G150 V4.8 w. PN (All versions \u003c V4.8 HF4), SINAMICS S110 w. PN (All versions \u003c V4.4 SP3 HF5), SINAMICS S120 V4.7 w. PN (All versions \u003c V4.7 HF27), and others. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. Siemens SIMATIC S7-300 F, etc. Siemens SIMATIC S7-300 F is a process controller. SIMATIC HMI Comfort Panels are touch screens",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2681"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004135"
},
{
"db": "CNVD",
"id": "CNVD-2017-06153"
},
{
"db": "BID",
"id": "98369"
},
{
"db": "IVD",
"id": "33467505-7492-4ae1-b978-12f61201709a"
},
{
"db": "VULHUB",
"id": "VHN-110884"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2681",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-293562",
"trust": 2.6
},
{
"db": "BID",
"id": "98369",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038463",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-129-02",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2017-06153",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-639",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004135",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-18-023-02",
"trust": 0.3
},
{
"db": "SIEMENS",
"id": "SSA-284673",
"trust": 0.3
},
{
"db": "IVD",
"id": "33467505-7492-4AE1-B978-12F61201709A",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-110884",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "33467505-7492-4ae1-b978-12f61201709a"
},
{
"db": "CNVD",
"id": "CNVD-2017-06153"
},
{
"db": "VULHUB",
"id": "VHN-110884"
},
{
"db": "BID",
"id": "98369"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004135"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-639"
},
{
"db": "NVD",
"id": "CVE-2017-2681"
}
]
},
"id": "VAR-201705-3221",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "33467505-7492-4ae1-b978-12f61201709a"
},
{
"db": "CNVD",
"id": "CNVD-2017-06153"
},
{
"db": "VULHUB",
"id": "VHN-110884"
}
],
"trust": 1.5075520524444446
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "33467505-7492-4ae1-b978-12f61201709a"
},
{
"db": "CNVD",
"id": "CNVD-2017-06153"
}
]
},
"last_update_date": "2025-04-20T23:20:01.333000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-293562",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
},
{
"title": "Patch for Siemens SIMATIC HMI Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/93365"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70109"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004135"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-639"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110884"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004135"
},
{
"db": "NVD",
"id": "CVE-2017-2681"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/98369"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038463"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-129-02"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2681"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2681"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-129-02"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-023-02"
},
{
"trust": 0.3,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06153"
},
{
"db": "VULHUB",
"id": "VHN-110884"
},
{
"db": "BID",
"id": "98369"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004135"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-639"
},
{
"db": "NVD",
"id": "CVE-2017-2681"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "33467505-7492-4ae1-b978-12f61201709a"
},
{
"db": "CNVD",
"id": "CNVD-2017-06153"
},
{
"db": "VULHUB",
"id": "VHN-110884"
},
{
"db": "BID",
"id": "98369"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004135"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-639"
},
{
"db": "NVD",
"id": "CVE-2017-2681"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-09T00:00:00",
"db": "IVD",
"id": "33467505-7492-4ae1-b978-12f61201709a"
},
{
"date": "2017-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06153"
},
{
"date": "2017-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-110884"
},
{
"date": "2017-05-08T00:00:00",
"db": "BID",
"id": "98369"
},
{
"date": "2017-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004135"
},
{
"date": "2017-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-639"
},
{
"date": "2017-05-11T10:29:00.180000",
"db": "NVD",
"id": "CVE-2017-2681"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06153"
},
{
"date": "2020-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-110884"
},
{
"date": "2018-05-09T14:00:00",
"db": "BID",
"id": "98369"
},
{
"date": "2017-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004135"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-639"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2681"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-639"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC HMI Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "33467505-7492-4ae1-b978-12f61201709a"
},
{
"db": "CNVD",
"id": "CNVD-2017-06153"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-639"
}
],
"trust": 0.6
}
}
VAR-201609-0482
Vulnerability from variot - Updated: 2025-04-13 23:25The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. The SCALANCE M series are industrial routers used to secure remote access.
SIEMENS SCALANCE m-800 / S61 module has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain sensitive information, posing a risk of information leakage. Successful exploits may lead to other attacks. Versions prior to Siemens Scalance M-800 / S615 4.02 are vulnerable. Both Siemens Scalance M-800 and S615 are products of Siemens, Germany. The former is an industrial router and the latter is a firewall
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0482",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance s615",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.01"
},
{
"model": "scalance m-800",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.01"
},
{
"model": "scalance m-800",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance m-800",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "4.02"
},
{
"model": "scalance s615",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance s615",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "4.02"
},
{
"model": "scalance m-800 s615",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "/"
},
{
"model": "scalance m-800",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.01"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.01"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance m-800",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance s-615",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.02"
},
{
"model": "scalance m-800",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.02"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07905"
},
{
"db": "BID",
"id": "93115"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005051"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-573"
},
{
"db": "NVD",
"id": "CVE-2016-7090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:siemens:scalance_m-800",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_m-800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:siemens:scalance_s615",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_s615_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005051"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Van Maele and Tijl Deneut from HOWEST.",
"sources": [
{
"db": "BID",
"id": "93115"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-573"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7090",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-7090",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2016-07905",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-95910",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2016-7090",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7090",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-7090",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-07905",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-573",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95910",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07905"
},
{
"db": "VULHUB",
"id": "VHN-95910"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005051"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-573"
},
{
"db": "NVD",
"id": "CVE-2016-7090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. The SCALANCE M series are industrial routers used to secure remote access. \n\nSIEMENS SCALANCE m-800 / S61 module has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain sensitive information, posing a risk of information leakage. Successful exploits may lead to other attacks. \nVersions prior to Siemens Scalance M-800 / S615 4.02 are vulnerable. Both Siemens Scalance M-800 and S615 are products of Siemens, Germany. The former is an industrial router and the latter is a firewall",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7090"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005051"
},
{
"db": "CNVD",
"id": "CNVD-2016-07905"
},
{
"db": "BID",
"id": "93115"
},
{
"db": "VULHUB",
"id": "VHN-95910"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7090",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-16-271-01",
"trust": 2.8
},
{
"db": "BID",
"id": "93115",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-342135",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005051",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-573",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-07905",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95910",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07905"
},
{
"db": "VULHUB",
"id": "VHN-95910"
},
{
"db": "BID",
"id": "93115"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005051"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-573"
},
{
"db": "NVD",
"id": "CVE-2016-7090"
}
]
},
"id": "VAR-201609-0482",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07905"
},
{
"db": "VULHUB",
"id": "VHN-95910"
}
],
"trust": 1.3438174866666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07905"
}
]
},
"last_update_date": "2025-04-13T23:25:08.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-342135",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-342135.pdf"
},
{
"title": "Patch for Information disclosure vulnerability in SIEMENS SCALANCE m-800 / S61 module",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/81618"
},
{
"title": "Siemens Scalance M-800 and S615 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64295"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07905"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005051"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-573"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95910"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005051"
},
{
"db": "NVD",
"id": "CVE-2016-7090"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-271-01"
},
{
"trust": 2.0,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-342135.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/93115"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7090"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7090"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95910"
},
{
"db": "BID",
"id": "93115"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005051"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-573"
},
{
"db": "NVD",
"id": "CVE-2016-7090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-07905"
},
{
"db": "VULHUB",
"id": "VHN-95910"
},
{
"db": "BID",
"id": "93115"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005051"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-573"
},
{
"db": "NVD",
"id": "CVE-2016-7090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07905"
},
{
"date": "2016-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-95910"
},
{
"date": "2016-09-22T00:00:00",
"db": "BID",
"id": "93115"
},
{
"date": "2016-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005051"
},
{
"date": "2016-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-573"
},
{
"date": "2016-09-29T10:59:03.893000",
"db": "NVD",
"id": "CVE-2016-7090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07905"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95910"
},
{
"date": "2016-09-28T00:02:00",
"db": "BID",
"id": "93115"
},
{
"date": "2016-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005051"
},
{
"date": "2016-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-573"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-7090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-573"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SCALANCE M-800 and S615 Module firmware integration Web Session on server Cookie Vulnerability that is captured",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005051"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-573"
}
],
"trust": 0.6
}
}
VAR-202107-1608
Vulnerability from variot - Updated: 2024-12-10 21:10Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. Multiple Siemens products contain vulnerabilities in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens SCALANCE S602是德国西门子(Siemens)公司的一款工业安全设备. Siemens多款产品 存在安全漏洞,该漏洞允许攻击者执行拒绝服务攻击。以下产品和版本受到影响:Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), RUGGEDCOM RM1224 (All Versions < 6.4), SCALANCE M-800 (All Versions < 6.4), SCALANCE S615 (All Versions < 6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT PRO (All Versions < V5.5.0), SCALANCE X202-2 IRT (All Versions < V5.5.0), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All Versions < V5.5.0), SCALANCE X202-2P IRT PRO (All Versions < V5.5.0), SCALANCE X204 IRT (All Versions < V5.5.0), SCALANCE X204 IRT PRO (All Versions < V5.5.0), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (incl. SIPLUS NET variant) (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE X302-7EEC (All versions), SCALANCE X304-2FE (All versions), SCALANCE X306-1LDFE (All versions), SCALANCE X307-2EEC (All versions), SCALANCE X307-3 (All versions), SCALANCE X307-3LD (All versions), SCALANCE X308-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X308-2LD (All versions), SCALANCE X308-2LH (All versions), SCALANCE X308-2LH+ (All versions), SCALANCE X308-2M (All versions), SCALANCE X308-2M POE (All versions), SCALANCE X308-2M TS (All versions), SCALANCE X310 (All versions), SCALANCE X310FE (All versions), SCALANCE X320-1FE (All versions), SCALANCE X320-3LDFE (All versions), SCALANCE XB-200 (All versions), SCALANCE XC-200 (All versions), SCALANCE XF-200BA (All versions), SCALANCE XF201-3P IRT (All Versions < V5.5.0), SCALANCE XF202-2P IRT (All Versions < V5.5.0), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All Versions < V5.5.0), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All Versions < V5.5.0), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions), SCALANCE XM400 (All versions < V6.3.1), SCALANCE XP-200 (All versions), SCALANCE XR-300WG (All versions), SCALANCE XR324-12M (All versions), SCALANCE XR324-12M TS (All versions), SCALANCE XR324-4M EEC (All versions), SCALANCE XR324-4M POE (All versions), SCALANCE XR324-4M POE TS (All versions), SCALANCE XR500 (All versions < V6.3.1), SIMATIC CFU PA (All versions), SIMATIC IE/PB-LINK V3 (All versions), SIMATIC MV500 family (All versions < V3.0), SIMATIC NET CM 1542-1 (All versions), SIMATIC NET CP1616/CP1604 (All Versions >= V2.7), SIMATIC NET CP1626 (All versions), SIMATIC NET DK-16xx PN IO (All Versions >= V2.7), SIMATIC PROFINET Driver (All versions), SIMATIC Power Line Booster PLB, Base Module (MLFB: 6ES7972-5AA10-0AB0) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All Versions < V4.5), SIMOCODE proV Ethernet/IP (All versions < V1.1.3), SIMOCODE proV PROFINET (All versions < V2.1.3), SOFTNET-IE PNIO (All versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-1608",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance x307-3ld",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x306-1ldfe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x204-2fm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x310fe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic profinet driver",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "simocode prov profinet",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.3"
},
{
"model": "scalance xp-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance x307-3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x208",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xf208",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x216",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x224",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance xf204 irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance xf-200ba",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance x208pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "simatic net dk-16xx pn io",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "scalance x200-4 p irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance xf204-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "simatic s7-1200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "scalance s615",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "scalance x320-3ldfe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x201-3p irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance x308-2m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x206-1ld",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "simatic mv500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "scalance xf204-2ba irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "simatic net cm 1542-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x310",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "softnet-ie pnio",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "ruggedcom rm1224",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "scalance xf201-3p irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance xr324-12m ts",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "dk standard ethernet controller evaluation kit",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300wg",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance w1700",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x308-2lh",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x202-2 irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance x308-2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.3.1"
},
{
"model": "scalance w700",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x204-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x308-2lh\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x304-2fe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x212-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "simatic power line booster plb",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x204-2ld",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xr324-4m poe ts",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.3.1"
},
{
"model": "scalance x204 irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance x204 irt pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "simatic net cp1604",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "scalance x202-2p irt pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "ek-ertec 200 evaulation kit",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x206-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "simatic net cp1616",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "scalance x212-2ld",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "simocode prov ethernet\\/ip",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.3"
},
{
"model": "scalance x308-2m poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-4m eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance m-800",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "scalance x308-2m ts",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf204",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "simatic net cp1626",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-12m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x204-2ld ts",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x308-2ld",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x320-1fe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cfu pa",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x204-2ts",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xr324-4m poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "ek-ertec 200p evaluation kit",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "scalance x302-7eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic ie\\/pb-link v3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf206-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x201-3p irt pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance xb-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance xf202-2p irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance x307-2eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x200-4p irt",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "dk standard ethernet controller evaluation kit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance w1700",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance s615",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ek-ertec 200p evaluation kit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance x201-3p irt",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ek-ertec 200 evaluation kit",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance w700",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance m-800",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rm1224",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010133"
},
{
"db": "NVD",
"id": "CVE-2020-28400"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-901"
}
],
"trust": 0.6
},
"cve": "CVE-2020-28400",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-28400",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-28400",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-28400",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-28400",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2020-28400",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2020-28400",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-901",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010133"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-901"
},
{
"db": "NVD",
"id": "CVE-2020-28400"
},
{
"db": "NVD",
"id": "CVE-2020-28400"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. Multiple Siemens products contain vulnerabilities in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens SCALANCE S602\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u5b89\u5168\u8bbe\u5907. \nSiemens\u591a\u6b3e\u4ea7\u54c1 \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u6267\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u4ee5\u4e0b\u4ea7\u54c1\u548c\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aDevelopment/Evaluation Kits for PROFINET IO\uff1a DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO\uff1a EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO\uff1a EK-ERTEC 200P (All versions), RUGGEDCOM RM1224 (All Versions \uff1c 6.4), SCALANCE M-800 (All Versions \uff1c 6.4), SCALANCE S615 (All Versions \uff1c 6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions \uff1c V5.5.0), SCALANCE X201-3P IRT (All Versions \uff1c V5.5.0), SCALANCE X201-3P IRT PRO (All Versions \uff1c V5.5.0), SCALANCE X202-2 IRT (All Versions \uff1c V5.5.0), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All Versions \uff1c V5.5.0), SCALANCE X202-2P IRT PRO (All Versions \uff1c V5.5.0), SCALANCE X204 IRT (All Versions \uff1c V5.5.0), SCALANCE X204 IRT PRO (All Versions \uff1c V5.5.0), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (incl. SIPLUS NET variant) (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE X302-7EEC (All versions), SCALANCE X304-2FE (All versions), SCALANCE X306-1LDFE (All versions), SCALANCE X307-2EEC (All versions), SCALANCE X307-3 (All versions), SCALANCE X307-3LD (All versions), SCALANCE X308-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X308-2LD (All versions), SCALANCE X308-2LH (All versions), SCALANCE X308-2LH+ (All versions), SCALANCE X308-2M (All versions), SCALANCE X308-2M POE (All versions), SCALANCE X308-2M TS (All versions), SCALANCE X310 (All versions), SCALANCE X310FE (All versions), SCALANCE X320-1FE (All versions), SCALANCE X320-3LDFE (All versions), SCALANCE XB-200 (All versions), SCALANCE XC-200 (All versions), SCALANCE XF-200BA (All versions), SCALANCE XF201-3P IRT (All Versions \uff1c V5.5.0), SCALANCE XF202-2P IRT (All Versions \uff1c V5.5.0), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All Versions \uff1c V5.5.0), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All Versions \uff1c V5.5.0), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions), SCALANCE XM400 (All versions \uff1c V6.3.1), SCALANCE XP-200 (All versions), SCALANCE XR-300WG (All versions), SCALANCE XR324-12M (All versions), SCALANCE XR324-12M TS (All versions), SCALANCE XR324-4M EEC (All versions), SCALANCE XR324-4M POE (All versions), SCALANCE XR324-4M POE TS (All versions), SCALANCE XR500 (All versions \uff1c V6.3.1), SIMATIC CFU PA (All versions), SIMATIC IE/PB-LINK V3 (All versions), SIMATIC MV500 family (All versions \uff1c V3.0), SIMATIC NET CM 1542-1 (All versions), SIMATIC NET CP1616/CP1604 (All Versions \uff1e= V2.7), SIMATIC NET CP1626 (All versions), SIMATIC NET DK-16xx PN IO (All Versions \uff1e= V2.7), SIMATIC PROFINET Driver (All versions), SIMATIC Power Line Booster PLB, Base Module (MLFB\uff1a 6ES7972-5AA10-0AB0) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All Versions \uff1c V4.5), SIMOCODE proV Ethernet/IP (All versions \uff1c V1.1.3), SIMOCODE proV PROFINET (All versions \uff1c V2.1.3), SOFTNET-IE PNIO (All versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28400"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010133"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-901"
},
{
"db": "VULMON",
"id": "CVE-2020-28400"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-28400",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-194-03",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-599968",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010133",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2401",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071416",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-901",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-28400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-28400"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010133"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-901"
},
{
"db": "NVD",
"id": "CVE-2020-28400"
}
]
},
"id": "VAR-202107-1608",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5441019396774194
},
"last_update_date": "2024-12-10T21:10:13.937000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-599968",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf"
},
{
"title": "Siemens Various product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156594"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=77fc0ba2dcd8966c9a1f7eb47b8603ca"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-28400"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010133"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-901"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
},
{
"problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010133"
},
{
"db": "NVD",
"id": "CVE-2020-28400"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599968.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28400"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-194-03"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-ruggedcom-simatic-denial-of-service-via-profinet-dcp-reset-35890"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071416"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2401"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-599968.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-28400"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010133"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-901"
},
{
"db": "NVD",
"id": "CVE-2020-28400"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-28400"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010133"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-901"
},
{
"db": "NVD",
"id": "CVE-2020-28400"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-28400"
},
{
"date": "2022-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010133"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-901"
},
{
"date": "2021-07-13T11:15:08.960000",
"db": "NVD",
"id": "CVE-2020-28400"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-28400"
},
{
"date": "2022-06-22T02:38:00",
"db": "JVNDB",
"id": "JVNDB-2021-010133"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-901"
},
{
"date": "2024-12-10T14:15:19.373000",
"db": "NVD",
"id": "CVE-2020-28400"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-901"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in limiting or non-slotting resource allocation in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010133"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-901"
}
],
"trust": 1.2
}
}
VAR-202103-0976
Vulnerability from variot - Updated: 2024-11-23 21:21A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. plural Siemens The product is vulnerable to improper restrictions on excessive authentication attempts.Denial of service (DoS) It may be put into a state. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from attacks from untrusted networks. SCALANCE M-800/S615 industrial routers are used for secure remote access to the factory through mobilenetworks (such as GPRS or UMTS). It has an integrated security function of firewall to prevent unauthorized access, and VPN can protect data transmission. RUGGEDCOM RM1224 is a 4G router for wireless IP communication from Ethernet-based devices via LTE (4G)-mobile radio.
Siemens SCALANCE and RUGGEDCOM devices have a denial of service vulnerability. An attacker can use the vulnerability to trigger a temporary denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0976",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance m-800",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.3"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.3"
},
{
"model": "ruggedcom rm1224",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.3"
},
{
"model": "scalance sc-600",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "scalance sc-600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.3"
},
{
"model": "ruggedcom rm1224",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance s615",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance m-800",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-600",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-600",
"scope": "gte",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.1,\u003c2.1.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16444"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004475"
},
{
"db": "NVD",
"id": "CVE-2021-25676"
}
]
},
"cve": "CVE-2021-25676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-25676",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-16444",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-25676",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-25676",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-25676",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-25676",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-16444",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-690",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16444"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004475"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-690"
},
{
"db": "NVD",
"id": "CVE-2021-25676"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions \u003e= V2.1 and \u003c V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. plural Siemens The product is vulnerable to improper restrictions on excessive authentication attempts.Denial of service (DoS) It may be put into a state. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from attacks from untrusted networks. SCALANCE M-800/S615 industrial routers are used for secure remote access to the factory through mobilenetworks (such as GPRS or UMTS). It has an integrated security function of firewall to prevent unauthorized access, and VPN can protect data transmission. RUGGEDCOM RM1224 is a 4G router for wireless IP communication from Ethernet-based devices via LTE (4G)-mobile radio. \n\r\n\r\nSiemens SCALANCE and RUGGEDCOM devices have a denial of service vulnerability. An attacker can use the vulnerability to trigger a temporary denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25676"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004475"
},
{
"db": "CNVD",
"id": "CNVD-2021-16444"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25676",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-21-068-02",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-296266",
"trust": 2.2
},
{
"db": "JVN",
"id": "JVNVU93441670",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004475",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-16444",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0846",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-690",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16444"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004475"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-690"
},
{
"db": "NVD",
"id": "CVE-2021-25676"
}
]
},
"id": "VAR-202103-0976",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16444"
}
],
"trust": 1.08788916
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16444"
}
]
},
"last_update_date": "2024-11-23T21:21:16.049000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-296266",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf"
},
{
"title": "Siemens RUGGEDCOM Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144282"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004475"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-690"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.0
},
{
"problemtype": "Inappropriate restriction of excessive authentication attempts (CWE-307) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004475"
},
{
"db": "NVD",
"id": "CVE-2021-25676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02"
},
{
"trust": 2.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25676"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93441670/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-ruggedcom-rm1224-denial-of-service-via-failed-ssh-authentication-34784"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0846"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16444"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004475"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-690"
},
{
"db": "NVD",
"id": "CVE-2021-25676"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-16444"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004475"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-690"
},
{
"db": "NVD",
"id": "CVE-2021-25676"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16444"
},
{
"date": "2021-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004475"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-690"
},
{
"date": "2021-03-15T17:15:22.127000",
"db": "NVD",
"id": "CVE-2021-25676"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16444"
},
{
"date": "2021-11-22T09:03:00",
"db": "JVNDB",
"id": "JVNDB-2021-004475"
},
{
"date": "2021-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-690"
},
{
"date": "2024-11-21T05:55:16.667000",
"db": "NVD",
"id": "CVE-2021-25676"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-690"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Siemens\u00a0 Vulnerability in improperly limiting excessive authentication attempts in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004475"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-690"
}
],
"trust": 0.6
}
}
VAR-202002-0449
Vulnerability from variot - Updated: 2024-11-23 21:20Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack.
The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Both Siemens SCALANCE X-200IRT and SCALANCE XB-200 are products of the German company Siemens. SCALANCE X-200IRT is an industrial Ethernet switch. SCALANCE XB-200 is a managed industrial Ethernet switch. The vulnerability stems from the program's failure to limit the allocation of memory resources. A remote attacker can use the vulnerability by sending a specially crafted package to cause a denial of service. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SINAMICS DCP (All Versions < V1.3), SOFTNET-IE PNIO (All versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0449",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance xb-200",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "scalance xc-200",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "scalance xp-200",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "scalance xf-200ba",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "scalance xr-300wg",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinamics dcp",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "ruggedcom rm1224",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "simatic et200mp im155-5 pn hf",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "4.2.0"
},
{
"model": "simatic et200mp im155-5 pn st",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "4.1.0"
},
{
"model": "simatic et200sp im155-6 pn hf",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "3.3.1"
},
{
"model": "simatic et200sp im155-6 pn st",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "4.1.0"
},
{
"model": "simatic cp 443-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et200pro",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "dk standard ethernet controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et200m im153-4 pn io st",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm-400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "scalance xb-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic et200al im 157-1 pn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x-300",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance m-800",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance x-200irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.3"
},
{
"model": "simatic cp 1616",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "simatic mv440",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "profinet driver",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "scalance s615",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "ek-ertec 200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "simatic et200m im153-4 pn io hf",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et200ecopn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "im 154-4 pn hf",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "ek-ertec 200p",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "simatic cp 1604",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "scalance xc-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr526",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic cp 343-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et200s",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic ipc support",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr524",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic mv420",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic rf182c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic pn\\/pn coupler",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 343-1 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic rf180c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 443-1 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic cp 343-1 erpc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic rf600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic cp 443-1 opc ua",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "im 154-3 pn hf",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x-400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic cp 343-1 lean",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance w700 ieee 802.11n",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0.1"
},
{
"model": "simatic et200sp im155-6 pn basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "dk standard ethernet controller",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ek-ertec 200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ek-ertec 200p p",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "profinet driver",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom rm1224",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance m-800",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance s615",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w700 ieee 802.11n",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xc-200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic ipc support",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp lean",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "343-1"
},
{
"model": "simatic cp advanced",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "343-1"
},
{
"model": "simatic rf182c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pn/pn coupler 6es7158-3ad01-0xa0",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1616\u003c2.8"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1604\u003c2.8"
},
{
"model": "simatic cp advanced",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "443-1"
},
{
"model": "development/evaluation kits for profinet io dk standard ethernet controller",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "development/evaluation kits for profinet io ek-ertec",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "200\u003c4.5"
},
{
"model": "development/evaluation kits for profinet io ek-ertec 200p",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "profinet driver for controller",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "scalance m-800/s615",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance w700 ieee 802.11n",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=6.0.1"
},
{
"model": "scalance switch",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x-200"
},
{
"model": "scalance x-200irt switch",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "5.3"
},
{
"model": "scalance switch",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x-300"
},
{
"model": "scalance xm-400 switch",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "scalance xr-500 switch",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "343-1"
},
{
"model": "simatic cp erpc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "343-1"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "443-1"
},
{
"model": "simatic cp opc ua",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "443-1"
},
{
"model": "simatic et200al im pn",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "157-1"
},
{
"model": "simatic et200m im153-4 pn io hf",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et200m im153-4 pn io st",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et200s",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et200sp im155-6 pn basic",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et200ecopn",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic ipc support,package for vxworks",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et200pro,im pn hf",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "154-3"
},
{
"model": "simatic et200pro,im pn hf",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "154-4"
},
{
"model": "simatic mv400",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf180c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf600",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scalance xp 200",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scalance xb 200",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scalance xr 300wg",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scalance xc 200",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dk standard ethernet controller",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "profinet driver",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic ipc support",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x 200irt",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x 200irt pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x 300",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance xr 300",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance xf 200ba",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x 400",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance xm 400",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance xr524",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance xr526",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance xr528",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance xr552",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1616",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 1604",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200p",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 343 1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 343 1 advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 343 1 erpc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 343 1 lean",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 443 1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 443 1 advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp 443 1 opc ua",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et200al im 157 1 pn",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et200m im153 4 pn io hf",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et200m im153 4 pn io st",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ruggedcom rm1224",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et200mp im155 5 pn hf",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et200mp im155 5 pn st",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et200s",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et200sp im155 6 pn basic",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et200sp im155 6 pn hf",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et200sp im155 6 pn st",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et200ecopn",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et200pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "im 154 3 pn hf",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "im 154 4 pn hf",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance m 800",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic mv440",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic mv420",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pn pn coupler",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf180c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf182c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf600",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance s615",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance w700 ieee 802 11n",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance xf 200",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
},
{
"db": "CNVD",
"id": "CNVD-2020-23039"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014603"
},
{
"db": "NVD",
"id": "CVE-2019-13946"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:dk_standard_ethernet_controller_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ek-ertec_200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ek-ertec_200p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:profinet_driver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ruggedcom_rm1224_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_m-800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_s615_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_w700_ieee_802.11n_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_xc-200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_ipc_support",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014603"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yuval Ardon and Matan Dobrushin of OTORIO reported this vulnerability to CISA and Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-455"
}
],
"trust": 0.6
},
"cve": "CVE-2019-13946",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-13946",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014603",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-23039",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13946",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014603",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13946",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2019-13946",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014603",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-23039",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-455",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-13946",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
},
{
"db": "CNVD",
"id": "CNVD-2020-23039"
},
{
"db": "VULMON",
"id": "CVE-2019-13946"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014603"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-455"
},
{
"db": "NVD",
"id": "CVE-2019-13946"
},
{
"db": "NVD",
"id": "CVE-2019-13946"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit\ninternal resource allocation when multiple legitimate diagnostic package\nrequests are sent to the DCE-RPC interface. \nThis could lead to a denial of service condition due to lack of memory\nfor devices that include a vulnerable version of the stack. \n\nThe security vulnerability could be exploited by an attacker with network\naccess to an affected device. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the availability of the device. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Both Siemens SCALANCE X-200IRT and SCALANCE XB-200 are products of the German company Siemens. SCALANCE X-200IRT is an industrial Ethernet switch. SCALANCE XB-200 is a managed industrial Ethernet switch. The vulnerability stems from the program\u0027s failure to limit the allocation of memory resources. A remote attacker can use the vulnerability by sending a specially crafted package to cause a denial of service. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions \u003c V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions \u003c V4.6), PROFINET Driver for Controller (All Versions \u003c V2.1), RUGGEDCOM RM1224 (All versions \u003c V4.3), SCALANCE M-800 / S615 (All versions \u003c V4.3), SCALANCE W700 IEEE 802.11n (All versions \u003c= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions \u003c V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions \u003c V3.0), SCALANCE XM-400 switch family (All Versions \u003c V6.0), SCALANCE XR-500 switch family (All Versions \u003c V6.0), SIMATIC CP 1616 and CP 1604 (All Versions \u003c V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions \u003c V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions \u003c V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions \u003c V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions \u003c V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions \u003c V3), SINAMICS DCP (All Versions \u003c V1.3), SOFTNET-IE PNIO (All versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13946"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014603"
},
{
"db": "CNVD",
"id": "CNVD-2020-23039"
},
{
"db": "IVD",
"id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
},
{
"db": "VULMON",
"id": "CVE-2019-13946"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13946",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-780073",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-04",
"trust": 1.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-05",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2020-23039",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-455",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014603",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-08",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-07",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-03",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-09",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-02",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-06",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-01",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-10",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0486",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0486.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0486.3",
"trust": 0.6
},
{
"db": "IVD",
"id": "1044E3A5-DC26-4D11-BF22-4B3EB64F5CC9",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-13946",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
},
{
"db": "CNVD",
"id": "CNVD-2020-23039"
},
{
"db": "VULMON",
"id": "CVE-2019-13946"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014603"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-455"
},
{
"db": "NVD",
"id": "CVE-2019-13946"
}
]
},
"id": "VAR-202002-0449",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
},
{
"db": "CNVD",
"id": "CNVD-2020-23039"
}
],
"trust": 1.578657311794872
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
},
{
"db": "CNVD",
"id": "CNVD-2020-23039"
}
]
},
"last_update_date": "2024-11-23T21:20:13.631000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-780073",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
},
{
"title": "Patch for Multiple Siemens product resource management error vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/214023"
},
{
"title": "Multiple Siemens Product resource management error vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=108751"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=8b423421a5be04457be73209a34b15cb"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23039"
},
{
"db": "VULMON",
"id": "CVE-2019-13946"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014603"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-455"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014603"
},
{
"db": "NVD",
"id": "CVE-2019-13946"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-04"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13946"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-780073.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13946"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-03"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-02"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0486/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0486.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0486.3/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-042-04"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-042-04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23039"
},
{
"db": "VULMON",
"id": "CVE-2019-13946"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014603"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-455"
},
{
"db": "NVD",
"id": "CVE-2019-13946"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
},
{
"db": "CNVD",
"id": "CNVD-2020-23039"
},
{
"db": "VULMON",
"id": "CVE-2019-13946"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014603"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-455"
},
{
"db": "NVD",
"id": "CVE-2019-13946"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-11T00:00:00",
"db": "IVD",
"id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
},
{
"date": "2020-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23039"
},
{
"date": "2020-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13946"
},
{
"date": "2020-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014603"
},
{
"date": "2020-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-455"
},
{
"date": "2020-02-11T16:15:15.023000",
"db": "NVD",
"id": "CVE-2019-13946"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23039"
},
{
"date": "2022-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13946"
},
{
"date": "2020-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014603"
},
{
"date": "2023-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-455"
},
{
"date": "2024-11-21T04:25:45.080000",
"db": "NVD",
"id": "CVE-2019-13946"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-455"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource exhaustion vulnerabilities in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014603"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-455"
}
],
"trust": 0.8
}
}
VAR-202103-0982
Vulnerability from variot - Updated: 2024-11-23 21:12A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active. plural Siemens The product contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from attacks from untrusted networks. SCALANCE M-800/S615 industrial routers are used for secure remote access to the factory through mobilenetworks (such as GPRS or UMTS). It has an integrated security function of firewall to prevent unauthorized access, and VPN can protect data transmission. SCALANCE X switches are used to connect industrial components, such as programmable logic controllers (PLC) or human machine interfaces (HMI). RUGGEDCOM RM1224 is a 4G router for wireless IP communication from Ethernet-based devices via LTE (4G)-mobile radio.
Siemens SCALANCE and RuggedCmd devices have stack overflow vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0982",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance m-800",
"scope": "gte",
"trust": 1.6,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance s615",
"scope": "gte",
"trust": 1.6,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance xm400",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "scalance xr500",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "ruggedcom rm1224",
"scope": "gte",
"trust": 1.6,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance x300wg",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "scalance sc642-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.3"
},
{
"model": "scalance sc622-2c",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "scalance sc636-2c",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "scalance xc-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "scalance sc646-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.3"
},
{
"model": "scalance sc642-2c",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "scalance sc632-2c",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "scalance sc642-2c",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "scalance sc632-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.3"
},
{
"model": "scalance xf-200ba",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "scalance xp-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "scalance sc646-2c",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "scalance sc636-2c",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "ruggedcom rm1224",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "scalance m-800",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "scalance xb-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "scalance sc622-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.3"
},
{
"model": "scalance sc646-2c",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "scalance sc632-2c",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "scalance sc622-2c",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "scalance s615",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "scalance sc636-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.3"
},
{
"model": "scalance sc-646-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-622-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xm400",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance s615",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance m-800",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-642-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rm1224",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-632-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xr500",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-636-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-600 family",
"scope": "gte",
"trust": 0.6,
"vendor": "siemens",
"version": "2.0,\u003c2.1.3"
},
{
"model": "scalance family",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "xx200\u003c4.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16434"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004470"
},
{
"db": "NVD",
"id": "CVE-2021-25667"
}
]
},
"cve": "CVE-2021-25667",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2021-25667",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-16434",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-25667",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-25667",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-25667",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-25667",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-16434",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-683",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-25667",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16434"
},
{
"db": "VULMON",
"id": "CVE-2021-25667"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004470"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-683"
},
{
"db": "NVD",
"id": "CVE-2021-25667"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE M-800 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE S615 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE SC-600 Family (All versions \u003e= V2.0 and \u003c V2.1.3), SCALANCE XB-200 (All versions \u003c V4.1), SCALANCE XC-200 (All versions \u003c V4.1), SCALANCE XF-200BA (All versions \u003c V4.1), SCALANCE XM400 (All versions \u003c V6.2), SCALANCE XP-200 (All versions \u003c V4.1), SCALANCE XR-300WG (All versions \u003c V4.1), SCALANCE XR500 (All versions \u003c V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active. plural Siemens The product contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from attacks from untrusted networks. SCALANCE M-800/S615 industrial routers are used for secure remote access to the factory through mobilenetworks (such as GPRS or UMTS). It has an integrated security function of firewall to prevent unauthorized access, and VPN can protect data transmission. SCALANCE X switches are used to connect industrial components, such as programmable logic controllers (PLC) or human machine interfaces (HMI). RUGGEDCOM RM1224 is a 4G router for wireless IP communication from Ethernet-based devices via LTE (4G)-mobile radio. \n\r\n\r\nSiemens SCALANCE and RuggedCmd devices have stack overflow vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25667"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004470"
},
{
"db": "CNVD",
"id": "CNVD-2021-16434"
},
{
"db": "VULMON",
"id": "CVE-2021-25667"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25667",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-21-068-03",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-979775",
"trust": 2.3
},
{
"db": "JVN",
"id": "JVNVU93441670",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004470",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-16434",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0846",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-683",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25667",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16434"
},
{
"db": "VULMON",
"id": "CVE-2021-25667"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004470"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-683"
},
{
"db": "NVD",
"id": "CVE-2021-25667"
}
]
},
"id": "VAR-202103-0982",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16434"
}
],
"trust": 1.1865065119999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16434"
}
]
},
"last_update_date": "2024-11-23T21:12:41.416000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-979775",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf"
},
{
"title": "Siemens RUGGEDCOM RM1224 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144543"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=02a3bef451a548084110a18d27dea153"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-25667 "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/namewreck-bugs-businesses/165385/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25667"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004470"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-683"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004470"
},
{
"db": "NVD",
"id": "CVE-2021-25667"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03"
},
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25667"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93441670/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-ruggedcom-rm1224-buffer-overflow-via-stp-bpdu-frames-34782"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0846"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-25667"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/namewreck-bugs-businesses/165385/"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-979775.txt"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16434"
},
{
"db": "VULMON",
"id": "CVE-2021-25667"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004470"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-683"
},
{
"db": "NVD",
"id": "CVE-2021-25667"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-16434"
},
{
"db": "VULMON",
"id": "CVE-2021-25667"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004470"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-683"
},
{
"db": "NVD",
"id": "CVE-2021-25667"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16434"
},
{
"date": "2021-03-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25667"
},
{
"date": "2021-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004470"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-683"
},
{
"date": "2021-03-15T17:15:21.690000",
"db": "NVD",
"id": "CVE-2021-25667"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16434"
},
{
"date": "2022-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25667"
},
{
"date": "2021-11-22T09:03:00",
"db": "JVNDB",
"id": "JVNDB-2021-004470"
},
{
"date": "2021-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-683"
},
{
"date": "2024-11-21T05:55:15.360000",
"db": "NVD",
"id": "CVE-2021-25667"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-683"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Siemens\u00a0 Out-of-bounds write vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004470"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-683"
}
],
"trust": 0.6
}
}
VAR-202208-0612
Vulnerability from variot - Updated: 2024-08-14 14:17Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. SCALANCE M-800 firmware, SCALANCE S615 firmware, SCALANCE SC-600 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained and information may be tampered with. SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions of firewalls to prevent unauthorized access, as well as VPNs to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0612",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance xr552-12m 2hr2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2g poe eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc224-4c g \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance w700 ieee 802.11ac",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2sfp g \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb216",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr524-8c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb205-3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc224",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance sc-600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.1"
},
{
"model": "scalance xb208",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-4m poe ts",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324wg",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr524-8c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2sfp g",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216-4c g eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216-4c g \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528-6m l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance sc642-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.1"
},
{
"model": "scalance sc632-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.1"
},
{
"model": "scalance xr324-12m ts",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-4m poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528-6m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf204-2ba irt",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm400",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr500",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance w700 ieee 802.11n",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb213-3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm408-8c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp216",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp216poe eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552-12m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm416-4c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208g \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc224-4c g",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc224-4c g eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr328-4c wg",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2g poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2sfp g eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208poe eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr526-8c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216-4c g",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb205-3ld",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance sc636-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.1"
},
{
"model": "scalance xc206-2sfp eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp216 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf204-2ba dna",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf-200ba",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528-6m 2hr2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm408-8c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552-12m 2hr2 l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208g poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance w700 ieee 802.11ax",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb213-3ld",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm408-4c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm408-4c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr326-2c poe wg",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552-12",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-12m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr524",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208g eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528-6m 2hr2 l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp216eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-4m eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance sc622-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.1"
},
{
"model": "scalance xc208g",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance sc646-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.1"
},
{
"model": "scalance xc216-4c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance m-800",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm416-4c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr526-8c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr526",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300wg",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance sc-646-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb205-3",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-600",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xc206-2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb-200",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance w700 ieee 802.11ax",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb216",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-622-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xc-200",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance m-800",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb213-3ld",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-632-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb213-3",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-642-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance w700 ieee 802.11ac",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance w700 ieee 802.11n",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb205-3ld",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-636-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance s615",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb208",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance m-800 s615",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "/"
},
{
"model": "scalance sc-600 family",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.3.1"
},
{
"model": "scalance w-700 ieee 802.11ax family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w-700 ieee 802.11n family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w-1700 ieee 802.11ac family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xb-200 switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xc-200 switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xf-200ba switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xm-400 family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xp-200 switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr-300wg switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr-500 family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56474"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014931"
},
{
"db": "NVD",
"id": "CVE-2022-36325"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens has reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2711"
}
],
"trust": 0.6
},
"cve": "CVE-2022-36325",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-56474",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2022-36325",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2022-36325",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-36325",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-36325",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2022-36325",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-36325",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2022-56474",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2711",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56474"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014931"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2711"
},
{
"db": "NVD",
"id": "CVE-2022-36325"
},
{
"db": "NVD",
"id": "CVE-2022-36325"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. SCALANCE M-800 firmware, SCALANCE S615 firmware, SCALANCE SC-600 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained and information may be tampered with. SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions of firewalls to prevent unauthorized access, as well as VPNs to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions \u003c V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36325"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014931"
},
{
"db": "CNVD",
"id": "CNVD-2022-56474"
},
{
"db": "VULMON",
"id": "CVE-2022-36325"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-36325",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-710008",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-223-07",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU90767165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014931",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-56474",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4032",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2711",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-36325",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56474"
},
{
"db": "VULMON",
"id": "CVE-2022-36325"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014931"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2711"
},
{
"db": "NVD",
"id": "CVE-2022-36325"
}
]
},
"id": "VAR-202208-0612",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56474"
}
],
"trust": 1.2477712656666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56474"
}
]
},
"last_update_date": "2024-08-14T14:17:48.938000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Unknown Vulnerability in Siemens SCALANCE Products (CNVD-2022-56474)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/343626"
},
{
"title": "Siemens SCALANCE Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=243184"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56474"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2711"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-80",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014931"
},
{
"db": "NVD",
"id": "CVE-2022-36325"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90767165/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36325"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-223-07"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-710008.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-36325/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4032"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-223-07"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/80.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56474"
},
{
"db": "VULMON",
"id": "CVE-2022-36325"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014931"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2711"
},
{
"db": "NVD",
"id": "CVE-2022-36325"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-56474"
},
{
"db": "VULMON",
"id": "CVE-2022-36325"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014931"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2711"
},
{
"db": "NVD",
"id": "CVE-2022-36325"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-56474"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-36325"
},
{
"date": "2023-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014931"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2711"
},
{
"date": "2022-08-10T12:15:12.997000",
"db": "NVD",
"id": "CVE-2022-36325"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-56474"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-36325"
},
{
"date": "2023-09-22T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2022-014931"
},
{
"date": "2023-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2711"
},
{
"date": "2023-06-27T19:51:47.307000",
"db": "NVD",
"id": "CVE-2022-36325"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2711"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014931"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2711"
}
],
"trust": 0.6
}
}
VAR-202208-0610
Vulnerability from variot - Updated: 2024-08-14 14:17Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. SCALANCE M-800 firmware, SCALANCE S615 firmware, scalance w700 ieee 802.11ax Multiple Siemens products, including firmware, contain vulnerabilities related to limited or unthrottled resource allocation.Service operation interruption (DoS) It may be in a state. The SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions for firewalls to prevent unauthorized access, as well as VPN to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0610",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance xc206-2sfp g",
"scope": null,
"trust": 1.6,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xr552-12m 2hr2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2g poe eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc224-4c g \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance w700 ieee 802.11ac",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2sfp g \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb216",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr524-8c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb205-3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc224",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb208",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-4m poe ts",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324wg",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr524-8c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2sfp g",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216-4c g eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216-4c g \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528-6m l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-12m ts",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-4m poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528-6m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf204-2ba irt",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm400",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr500",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance w700 ieee 802.11n",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb213-3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm408-8c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp216",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp216poe eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552-12m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm416-4c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208g \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc224-4c g",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc224-4c g eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr328-4c wg",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2g poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2sfp g eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208poe eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr526-8c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216-4c g",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb205-3ld",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2sfp eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp216 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf204-2ba dna",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf-200ba",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528-6m 2hr2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm408-8c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552-12m 2hr2 l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208g poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance w700 ieee 802.11ax",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb213-3ld",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm408-4c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm408-4c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr326-2c poe wg",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552-12",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-12m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr524",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208g eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528-6m 2hr2 l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp216eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-4m eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208g",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216-4c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance m-800",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm416-4c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr526-8c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr526",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300wg",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb205-3",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xc206-2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb-200",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb216",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance w700 ieee 802.11ax",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xc-200",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xc206-2sfp g eec",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance m-800",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb213-3ld",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb213-3",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xc206-2g poe eec",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance w700 ieee 802.11n",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance w700 ieee 802.11ac",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb205-3ld",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance s615",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xc206-2sfp eec",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb208",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xc206-2g poe",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance m-800 s615",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "/"
},
{
"model": "scalance w-700 ieee 802.11ax family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w-700 ieee 802.11n family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w-1700 ieee 802.11ac family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xb-200 switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xc-200 switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xf-200ba switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xm-400 family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xp-200 switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr-300wg switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr-500 family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56475"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014932"
},
{
"db": "NVD",
"id": "CVE-2022-36324"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens has reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2714"
}
],
"trust": 0.6
},
"cve": "CVE-2022-36324",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-56475",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-36324",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-36324",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-36324",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2022-36324",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-36324",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-56475",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2714",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56475"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014932"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2714"
},
{
"db": "NVD",
"id": "CVE-2022-36324"
},
{
"db": "NVD",
"id": "CVE-2022-36324"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. SCALANCE M-800 firmware, SCALANCE S615 firmware, scalance w700 ieee 802.11ax Multiple Siemens products, including firmware, contain vulnerabilities related to limited or unthrottled resource allocation.Service operation interruption (DoS) It may be in a state. The SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions for firewalls to prevent unauthorized access, as well as VPN to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36324"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014932"
},
{
"db": "CNVD",
"id": "CNVD-2022-56475"
},
{
"db": "VULMON",
"id": "CVE-2022-36324"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-36324",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-710008",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-223-07",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU90767165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014932",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-56475",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4032",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2714",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-36324",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56475"
},
{
"db": "VULMON",
"id": "CVE-2022-36324"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014932"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2714"
},
{
"db": "NVD",
"id": "CVE-2022-36324"
}
]
},
"id": "VAR-202208-0610",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56475"
}
],
"trust": 1.2363483332142855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56475"
}
]
},
"last_update_date": "2024-08-14T14:17:48.847000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Unknown Vulnerability in Siemens SCALANCE Products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/343621"
},
{
"title": "Multiple Siemens SCALANCE Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207453"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56475"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2714"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
},
{
"problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014932"
},
{
"db": "NVD",
"id": "CVE-2022-36324"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90767165/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36324"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-223-07"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-710008.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4032"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-36324/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-223-07"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56475"
},
{
"db": "VULMON",
"id": "CVE-2022-36324"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014932"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2714"
},
{
"db": "NVD",
"id": "CVE-2022-36324"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-56475"
},
{
"db": "VULMON",
"id": "CVE-2022-36324"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014932"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2714"
},
{
"db": "NVD",
"id": "CVE-2022-36324"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-56475"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-36324"
},
{
"date": "2023-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014932"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2714"
},
{
"date": "2022-08-10T12:15:12.930000",
"db": "NVD",
"id": "CVE-2022-36324"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-56475"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-36324"
},
{
"date": "2023-09-22T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2022-014932"
},
{
"date": "2022-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2714"
},
{
"date": "2023-02-23T16:19:42.137000",
"db": "NVD",
"id": "CVE-2022-36324"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2714"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in limiting or non-slotting resource allocation in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014932"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2714"
}
],
"trust": 0.6
}
}
VAR-202208-0611
Vulnerability from variot - Updated: 2024-08-14 14:17Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. SCALANCE M-800 firmware, SCALANCE S615 firmware, SCALANCE SC-600 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions of firewalls to prevent unauthorized access, as well as VPNs to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI).
A command injection vulnerability exists in Siemens SCALANCE products, which results from an affected device failing to properly filter input fields. A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0611",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance xr552-12m 2hr2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2g poe eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc224-4c g \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance w700 ieee 802.11ac",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2sfp g \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb216",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr524-8c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb205-3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc224",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance sc-600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.1"
},
{
"model": "scalance xb208",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-4m poe ts",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324wg",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr524-8c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2sfp g",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216-4c g eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216-4c g \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528-6m l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance sc642-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.1"
},
{
"model": "scalance sc632-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.1"
},
{
"model": "scalance xr324-12m ts",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-4m poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528-6m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf204-2ba irt",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm400",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr500",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance w700 ieee 802.11n",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb213-3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm408-8c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp216",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp216poe eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552-12m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm416-4c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208g \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc224-4c g",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc224-4c g eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr328-4c wg",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2g poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2sfp g eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208poe eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr526-8c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216-4c g",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb205-3ld",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance sc636-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.1"
},
{
"model": "scalance xc206-2sfp eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp216 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf204-2ba dna",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf-200ba",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528-6m 2hr2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm408-8c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552-12m 2hr2 l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208g poe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance w700 ieee 802.11ax",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb213-3ld",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm408-4c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm408-4c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr326-2c poe wg",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr552-12",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-12m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr524",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp-200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208g eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528-6m 2hr2 l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp216eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr324-4m eec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr528",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance sc622-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.1"
},
{
"model": "scalance xc208g",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance sc646-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.1"
},
{
"model": "scalance xc216-4c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance m-800",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm416-4c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr526-8c l3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr526",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xr-300wg",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance sc-646-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb205-3",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-600",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xc206-2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb-200",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance w700 ieee 802.11ax",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb216",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-622-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xc-200",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance m-800",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb213-3ld",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-632-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb213-3",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-642-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance w700 ieee 802.11ac",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance w700 ieee 802.11n",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb205-3ld",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-636-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance s615",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance xb208",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance m-800 s615",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "/"
},
{
"model": "scalance sc-600 family",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.3.1"
},
{
"model": "scalance w-700 ieee 802.11ax family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w-700 ieee 802.11n family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance w-1700 ieee 802.11ac family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xb-200 switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xc-200 switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xf-200ba switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xm-400 family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xp-200 switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr-300wg switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr-500 family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56476"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014933"
},
{
"db": "NVD",
"id": "CVE-2022-36323"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens has reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2715"
}
],
"trust": 0.6
},
"cve": "CVE-2022-36323",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-56476",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-36323",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2022-36323",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-014933",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "productcert@siemens.com",
"id": "CVE-2022-36323",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-36323",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-014933",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-56476",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2715",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56476"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014933"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2715"
},
{
"db": "NVD",
"id": "CVE-2022-36323"
},
{
"db": "NVD",
"id": "CVE-2022-36323"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. SCALANCE M-800 firmware, SCALANCE S615 firmware, SCALANCE SC-600 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions of firewalls to prevent unauthorized access, as well as VPNs to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). \n\r\n\r\nA command injection vulnerability exists in Siemens SCALANCE products, which results from an affected device failing to properly filter input fields. A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions \u003c V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36323"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014933"
},
{
"db": "CNVD",
"id": "CNVD-2022-56476"
},
{
"db": "VULMON",
"id": "CVE-2022-36323"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-36323",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-710008",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-223-07",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU90767165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014933",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-56476",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4032",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2715",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-36323",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56476"
},
{
"db": "VULMON",
"id": "CVE-2022-36323"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014933"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2715"
},
{
"db": "NVD",
"id": "CVE-2022-36323"
}
]
},
"id": "VAR-202208-0611",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56476"
}
],
"trust": 1.2477712656666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56476"
}
]
},
"last_update_date": "2024-08-14T14:17:45.411000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SCALANCE product command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/343616"
},
{
"title": "Siemens SCALANCE Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=243185"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56476"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2715"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-74",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014933"
},
{
"db": "NVD",
"id": "CVE-2022-36323"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90767165/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36323"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-223-07"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-710008.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4032"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-36323/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-223-07"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/74.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56476"
},
{
"db": "VULMON",
"id": "CVE-2022-36323"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014933"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2715"
},
{
"db": "NVD",
"id": "CVE-2022-36323"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-56476"
},
{
"db": "VULMON",
"id": "CVE-2022-36323"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014933"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2715"
},
{
"db": "NVD",
"id": "CVE-2022-36323"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-56476"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-36323"
},
{
"date": "2023-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014933"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2715"
},
{
"date": "2022-08-10T12:15:12.863000",
"db": "NVD",
"id": "CVE-2022-36323"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-56476"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-36323"
},
{
"date": "2023-09-22T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2022-014933"
},
{
"date": "2023-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2715"
},
{
"date": "2023-06-27T19:43:45.920000",
"db": "NVD",
"id": "CVE-2022-36323"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2715"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014933"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2715"
}
],
"trust": 0.6
}
}
CVE-2021-25676 (GCVE-0-2021-25676)
Vulnerability from nvd – Published: 2021-03-15 17:03 – Updated: 2024-08-03 20:11
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.
Severity ?
No CVSS data available.
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM RM1224 |
Affected:
V6.3
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RUGGEDCOM RM1224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V6.3"
}
]
},
{
"product": "SCALANCE M-800",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V6.3"
}
]
},
{
"product": "SCALANCE S615",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V6.3"
}
]
},
{
"product": "SCALANCE SC-600",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003e= V2.1 and \u003c V2.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions \u003e= V2.1 and \u003c V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T20:42:21",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM RM1224",
"version": {
"version_data": [
{
"version_value": "V6.3"
}
]
}
},
{
"product_name": "SCALANCE M-800",
"version": {
"version_data": [
{
"version_value": "V6.3"
}
]
}
},
{
"product_name": "SCALANCE S615",
"version": {
"version_data": [
{
"version_value": "V6.3"
}
]
}
},
{
"product_name": "SCALANCE SC-600",
"version": {
"version_data": [
{
"version_value": "All Versions \u003e= V2.1 and \u003c V2.1.3"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions \u003e= V2.1 and \u003c V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25676",
"datePublished": "2021-03-15T17:03:31",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25667 (GCVE-0-2021-25667)
Vulnerability from nvd – Published: 2021-03-15 17:03 – Updated: 2024-08-03 20:11
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.
Severity ?
No CVSS data available.
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM RM1224 |
Affected:
All versions >= V4.3 and < V6.4
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RUGGEDCOM RM1224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
},
{
"product": "SCALANCE M-800",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
},
{
"product": "SCALANCE S615",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
},
{
"product": "SCALANCE SC-600 Family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 and \u003c V2.1.3"
}
]
},
{
"product": "SCALANCE XB-200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XC-200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XF-200BA",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XM400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.2"
}
]
},
{
"product": "SCALANCE XP-200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XR-300WG",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XR500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE M-800 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE S615 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE SC-600 Family (All versions \u003e= V2.0 and \u003c V2.1.3), SCALANCE XB-200 (All versions \u003c V4.1), SCALANCE XC-200 (All versions \u003c V4.1), SCALANCE XF-200BA (All versions \u003c V4.1), SCALANCE XM400 (All versions \u003c V6.2), SCALANCE XP-200 (All versions \u003c V4.1), SCALANCE XR-300WG (All versions \u003c V4.1), SCALANCE XR500 (All versions \u003c V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T20:42:20",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM RM1224",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
}
},
{
"product_name": "SCALANCE M-800",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
}
},
{
"product_name": "SCALANCE S615",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
}
},
{
"product_name": "SCALANCE SC-600 Family",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.0 and \u003c V2.1.3"
}
]
}
},
{
"product_name": "SCALANCE XB-200",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XC-200",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XF-200BA",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XM400",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V6.2"
}
]
}
},
{
"product_name": "SCALANCE XP-200",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XR-300WG",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XR500",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V6.2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE M-800 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE S615 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE SC-600 Family (All versions \u003e= V2.0 and \u003c V2.1.3), SCALANCE XB-200 (All versions \u003c V4.1), SCALANCE XC-200 (All versions \u003c V4.1), SCALANCE XF-200BA (All versions \u003c V4.1), SCALANCE XM400 (All versions \u003c V6.2), SCALANCE XP-200 (All versions \u003c V4.1), SCALANCE XR-300WG (All versions \u003c V4.1), SCALANCE XR500 (All versions \u003c V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25667",
"datePublished": "2021-03-15T17:03:31",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25667 (GCVE-0-2021-25667)
Vulnerability from cvelistv5 – Published: 2021-03-15 17:03 – Updated: 2024-08-03 20:11
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.
Severity ?
No CVSS data available.
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM RM1224 |
Affected:
All versions >= V4.3 and < V6.4
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RUGGEDCOM RM1224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
},
{
"product": "SCALANCE M-800",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
},
{
"product": "SCALANCE S615",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
},
{
"product": "SCALANCE SC-600 Family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 and \u003c V2.1.3"
}
]
},
{
"product": "SCALANCE XB-200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XC-200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XF-200BA",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XM400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.2"
}
]
},
{
"product": "SCALANCE XP-200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XR-300WG",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XR500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE M-800 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE S615 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE SC-600 Family (All versions \u003e= V2.0 and \u003c V2.1.3), SCALANCE XB-200 (All versions \u003c V4.1), SCALANCE XC-200 (All versions \u003c V4.1), SCALANCE XF-200BA (All versions \u003c V4.1), SCALANCE XM400 (All versions \u003c V6.2), SCALANCE XP-200 (All versions \u003c V4.1), SCALANCE XR-300WG (All versions \u003c V4.1), SCALANCE XR500 (All versions \u003c V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T20:42:20",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM RM1224",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
}
},
{
"product_name": "SCALANCE M-800",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
}
},
{
"product_name": "SCALANCE S615",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
}
},
{
"product_name": "SCALANCE SC-600 Family",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.0 and \u003c V2.1.3"
}
]
}
},
{
"product_name": "SCALANCE XB-200",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XC-200",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XF-200BA",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XM400",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V6.2"
}
]
}
},
{
"product_name": "SCALANCE XP-200",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XR-300WG",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XR500",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V6.2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE M-800 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE S615 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE SC-600 Family (All versions \u003e= V2.0 and \u003c V2.1.3), SCALANCE XB-200 (All versions \u003c V4.1), SCALANCE XC-200 (All versions \u003c V4.1), SCALANCE XF-200BA (All versions \u003c V4.1), SCALANCE XM400 (All versions \u003c V6.2), SCALANCE XP-200 (All versions \u003c V4.1), SCALANCE XR-300WG (All versions \u003c V4.1), SCALANCE XR500 (All versions \u003c V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25667",
"datePublished": "2021-03-15T17:03:31",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25676 (GCVE-0-2021-25676)
Vulnerability from cvelistv5 – Published: 2021-03-15 17:03 – Updated: 2024-08-03 20:11
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.
Severity ?
No CVSS data available.
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM RM1224 |
Affected:
V6.3
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RUGGEDCOM RM1224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V6.3"
}
]
},
{
"product": "SCALANCE M-800",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V6.3"
}
]
},
{
"product": "SCALANCE S615",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V6.3"
}
]
},
{
"product": "SCALANCE SC-600",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003e= V2.1 and \u003c V2.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions \u003e= V2.1 and \u003c V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T20:42:21",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM RM1224",
"version": {
"version_data": [
{
"version_value": "V6.3"
}
]
}
},
{
"product_name": "SCALANCE M-800",
"version": {
"version_data": [
{
"version_value": "V6.3"
}
]
}
},
{
"product_name": "SCALANCE S615",
"version": {
"version_data": [
{
"version_value": "V6.3"
}
]
}
},
{
"product_name": "SCALANCE SC-600",
"version": {
"version_data": [
{
"version_value": "All Versions \u003e= V2.1 and \u003c V2.1.3"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions \u003e= V2.1 and \u003c V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25676",
"datePublished": "2021-03-15T17:03:31",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}