Search criteria
3 vulnerabilities by Diebold Nixdorf
CVE-2024-45246 (GCVE-0-2024-45246)
Vulnerability from cvelistv5 – Published: 2024-10-06 11:49 – Updated: 2024-10-07 15:35
VLAI
Title
Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element
Summary
Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element
Severity
7.3 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Diebold Nixdorf | Vynamic View prior to v5.9.5 |
Affected:
All versions , < Upgrade to v5.9.5 or greater
(custom)
|
Date Public
2024-10-06 11:46
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dieboldnixdorf:vynamic_view:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vynamic_view",
"vendor": "dieboldnixdorf",
"versions": [
{
"lessThan": "5.9.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T15:33:39.337132Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T15:35:51.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vynamic View prior to v5.9.5",
"vendor": "Diebold Nixdorf",
"versions": [
{
"lessThan": "Upgrade to v5.9.5 or greater",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Itamar Yochpaz, Daniel Alatash - komodosec"
}
],
"datePublic": "2024-10-06T11:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-06T11:49:16.249Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to v5.9.5 or greater\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Upgrade to v5.9.5 or greater"
}
],
"source": {
"advisory": "ILVN-2024-0198",
"discovery": "UNKNOWN"
},
"title": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-45246",
"datePublished": "2024-10-06T11:49:16.249Z",
"dateReserved": "2024-08-25T06:16:04.248Z",
"dateUpdated": "2024-10-07T15:35:51.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45245 (GCVE-0-2024-45245)
Vulnerability from cvelistv5 – Published: 2024-10-06 07:28 – Updated: 2024-10-07 15:36
VLAI
Title
Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Summary
Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Severity
7.8 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Diebold Nixdorf | Vynamic View prior |
Affected:
All versions , < Upgrade to v5.9.5 or greater
(custom)
|
Date Public
2024-10-06 07:24
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dieboldnixdorf:vynamic_view:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vynamic_view",
"vendor": "dieboldnixdorf",
"versions": [
{
"lessThan": "5.9.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T15:36:07.439601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T15:36:39.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vynamic View prior",
"vendor": "Diebold Nixdorf",
"versions": [
{
"lessThan": "Upgrade to v5.9.5 or greater",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Itamar Yochpaz, Daniel Alatash - komodosec"
}
],
"datePublic": "2024-10-06T07:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Diebold Nixdorf \u2013 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"value": "Diebold Nixdorf \u2013 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-06T07:28:37.226Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to v5.9.5 or greater\u003c/span\u003e"
}
],
"value": "Upgrade to v5.9.5 or greater"
}
],
"source": {
"advisory": "ILVN-2024-0197",
"discovery": "UNKNOWN"
},
"title": "Diebold Nixdorf \u2013 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-45245",
"datePublished": "2024-10-06T07:28:37.226Z",
"dateReserved": "2024-08-25T06:16:04.248Z",
"dateUpdated": "2024-10-07T15:36:39.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9062 (GCVE-0-2020-9062)
Vulnerability from cvelistv5 – Published: 2020-08-21 20:30 – Updated: 2024-09-16 22:15
VLAI
Summary
Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/221785 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Diebold Nixdorf | ProCash 2100xe USB ATM |
Affected:
Wincor Probase 1.1.30
|
Date Public
2020-08-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/221785"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/221785"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-9062",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T13:25:41.124715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T13:25:56.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ProCash 2100xe USB ATM",
"vendor": "Diebold Nixdorf",
"versions": [
{
"status": "affected",
"version": "Wincor Probase 1.1.30"
}
]
}
],
"datePublic": "2020-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-353",
"description": "CWE-353 Missing Support for Integrity Check",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T20:30:41.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cert.org/vuls/id/221785"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2020-08-20T16:34:00.000Z",
"ID": "CVE-2020-9062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProCash 2100xe USB ATM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Wincor Probase",
"version_value": "1.1.30"
}
]
}
}
]
},
"vendor_name": "Diebold Nixdorf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-353 Missing Support for Integrity Check"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/221785",
"refsource": "MISC",
"url": "https://kb.cert.org/vuls/id/221785"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9062",
"datePublished": "2020-08-21T20:30:41.251Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:15:09.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}