Search criteria
2 vulnerabilities found for rts_vlink_virtual_matrix by bosch
CVE-2023-34999 (GCVE-0-2023-34999)
Vulnerability from nvd – Published: 2023-09-18 10:16 – Updated: 2024-09-25 15:35
VLAI?
Summary
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface.
Severity ?
8.4 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTS | VLink Virtual Matrix Software |
Affected:
5.0.0 , < 5.7.6
(custom)
Affected: 6.0.0 , < 6.5.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T15:35:34.761711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:35:46.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "VLink Virtual Matrix Software",
"vendor": "RTS",
"versions": [
{
"lessThan": "5.7.6",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThan": "6.5.0",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (\u003c 5.7.6) and v6 (\u003c 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-18T10:16:14.009Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2023-34999",
"datePublished": "2023-09-18T10:16:14.009Z",
"dateReserved": "2023-06-16T06:04:24.396Z",
"dateUpdated": "2024-09-25T15:35:46.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34999 (GCVE-0-2023-34999)
Vulnerability from cvelistv5 – Published: 2023-09-18 10:16 – Updated: 2024-09-25 15:35
VLAI?
Summary
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface.
Severity ?
8.4 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTS | VLink Virtual Matrix Software |
Affected:
5.0.0 , < 5.7.6
(custom)
Affected: 6.0.0 , < 6.5.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T15:35:34.761711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:35:46.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "VLink Virtual Matrix Software",
"vendor": "RTS",
"versions": [
{
"lessThan": "5.7.6",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThan": "6.5.0",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (\u003c 5.7.6) and v6 (\u003c 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-18T10:16:14.009Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2023-34999",
"datePublished": "2023-09-18T10:16:14.009Z",
"dateReserved": "2023-06-16T06:04:24.396Z",
"dateUpdated": "2024-09-25T15:35:46.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}