Search

Find a vulnerability

Search criteria

    6 vulnerabilities by Diebold Nixdorf

    CVE-2024-45246 (GCVE-0-2024-45246)

    Vulnerability from nvd – Published: 2024-10-06 11:49 – Updated: 2024-10-07 15:35
    VLAI
    Title
    Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element
    Summary
    Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Diebold Nixdorf Vynamic View prior to v5.9.5 Affected: All versions , < Upgrade to v5.9.5 or greater (custom)
    Create a notification for this product.
    dieboldnixdorf vynamic_view Affected: 0 , < 5.9.5 (custom)
        cpe:2.3:a:dieboldnixdorf:vynamic_view:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-06 11:46
    Credits
    Itamar Yochpaz, Daniel Alatash - komodosec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:dieboldnixdorf:vynamic_view:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vynamic_view",
                "vendor": "dieboldnixdorf",
                "versions": [
                  {
                    "lessThan": "5.9.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:33:39.337132Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T15:35:51.388Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vynamic View prior to v5.9.5",
              "vendor": "Diebold Nixdorf",
              "versions": [
                {
                  "lessThan": "Upgrade to v5.9.5 or greater",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Itamar Yochpaz, Daniel Alatash - komodosec"
            }
          ],
          "datePublic": "2024-10-06T11:46:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-06T11:49:16.249Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to v5.9.5 or greater\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Upgrade to v5.9.5 or greater"
            }
          ],
          "source": {
            "advisory": "ILVN-2024-0198",
            "discovery": "UNKNOWN"
          },
          "title": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2024-45246",
        "datePublished": "2024-10-06T11:49:16.249Z",
        "dateReserved": "2024-08-25T06:16:04.248Z",
        "dateUpdated": "2024-10-07T15:35:51.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45245 (GCVE-0-2024-45245)

    Vulnerability from nvd – Published: 2024-10-06 07:28 – Updated: 2024-10-07 15:36
    VLAI
    Title
    Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
    Summary
    Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Diebold Nixdorf Vynamic View prior Affected: All versions , < Upgrade to v5.9.5 or greater (custom)
    Create a notification for this product.
    dieboldnixdorf vynamic_view Affected: 0 , < 5.9.5 (custom)
        cpe:2.3:a:dieboldnixdorf:vynamic_view:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-06 07:24
    Credits
    Itamar Yochpaz, Daniel Alatash - komodosec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:dieboldnixdorf:vynamic_view:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vynamic_view",
                "vendor": "dieboldnixdorf",
                "versions": [
                  {
                    "lessThan": "5.9.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:36:07.439601Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T15:36:39.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vynamic View prior",
              "vendor": "Diebold Nixdorf",
              "versions": [
                {
                  "lessThan": "Upgrade to v5.9.5 or greater",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Itamar Yochpaz, Daniel Alatash - komodosec"
            }
          ],
          "datePublic": "2024-10-06T07:24:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Diebold Nixdorf \u2013 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                }
              ],
              "value": "Diebold Nixdorf \u2013 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-06T07:28:37.226Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to v5.9.5 or greater\u003c/span\u003e"
                }
              ],
              "value": "Upgrade to v5.9.5 or greater"
            }
          ],
          "source": {
            "advisory": "ILVN-2024-0197",
            "discovery": "UNKNOWN"
          },
          "title": "Diebold Nixdorf \u2013 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2024-45245",
        "datePublished": "2024-10-06T07:28:37.226Z",
        "dateReserved": "2024-08-25T06:16:04.248Z",
        "dateUpdated": "2024-10-07T15:36:39.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9062 (GCVE-0-2020-9062)

    Vulnerability from nvd – Published: 2020-08-21 20:30 – Updated: 2024-09-16 22:15
    VLAI
    Summary
    Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-353 - Missing Support for Integrity Check
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Diebold Nixdorf ProCash 2100xe USB ATM Affected: Wincor Probase 1.1.30
    Create a notification for this product.
    Date Public
    2020-08-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/221785"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/221785"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-9062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T13:25:41.124715Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T13:25:56.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ProCash 2100xe USB ATM",
              "vendor": "Diebold Nixdorf",
              "versions": [
                {
                  "status": "affected",
                  "version": "Wincor Probase 1.1.30"
                }
              ]
            }
          ],
          "datePublic": "2020-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-353",
                  "description": "CWE-353 Missing Support for Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-21T20:30:41.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/221785"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2020-08-20T16:34:00.000Z",
              "ID": "CVE-2020-9062",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ProCash 2100xe USB ATM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "Wincor Probase",
                                "version_value": "1.1.30"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Diebold Nixdorf"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-353 Missing Support for Integrity Check"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306 Missing Authentication for Critical Function"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-311 Missing Encryption of Sensitive Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.cert.org/vuls/id/221785",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/221785"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2020-9062",
        "datePublished": "2020-08-21T20:30:41.251Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:15:09.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45246 (GCVE-0-2024-45246)

    Vulnerability from cvelistv5 – Published: 2024-10-06 11:49 – Updated: 2024-10-07 15:35
    VLAI
    Title
    Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element
    Summary
    Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Diebold Nixdorf Vynamic View prior to v5.9.5 Affected: All versions , < Upgrade to v5.9.5 or greater (custom)
    Create a notification for this product.
    dieboldnixdorf vynamic_view Affected: 0 , < 5.9.5 (custom)
        cpe:2.3:a:dieboldnixdorf:vynamic_view:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-06 11:46
    Credits
    Itamar Yochpaz, Daniel Alatash - komodosec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:dieboldnixdorf:vynamic_view:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vynamic_view",
                "vendor": "dieboldnixdorf",
                "versions": [
                  {
                    "lessThan": "5.9.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:33:39.337132Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T15:35:51.388Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vynamic View prior to v5.9.5",
              "vendor": "Diebold Nixdorf",
              "versions": [
                {
                  "lessThan": "Upgrade to v5.9.5 or greater",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Itamar Yochpaz, Daniel Alatash - komodosec"
            }
          ],
          "datePublic": "2024-10-06T11:46:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-06T11:49:16.249Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to v5.9.5 or greater\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Upgrade to v5.9.5 or greater"
            }
          ],
          "source": {
            "advisory": "ILVN-2024-0198",
            "discovery": "UNKNOWN"
          },
          "title": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2024-45246",
        "datePublished": "2024-10-06T11:49:16.249Z",
        "dateReserved": "2024-08-25T06:16:04.248Z",
        "dateUpdated": "2024-10-07T15:35:51.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45245 (GCVE-0-2024-45245)

    Vulnerability from cvelistv5 – Published: 2024-10-06 07:28 – Updated: 2024-10-07 15:36
    VLAI
    Title
    Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
    Summary
    Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Diebold Nixdorf Vynamic View prior Affected: All versions , < Upgrade to v5.9.5 or greater (custom)
    Create a notification for this product.
    dieboldnixdorf vynamic_view Affected: 0 , < 5.9.5 (custom)
        cpe:2.3:a:dieboldnixdorf:vynamic_view:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-06 07:24
    Credits
    Itamar Yochpaz, Daniel Alatash - komodosec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:dieboldnixdorf:vynamic_view:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vynamic_view",
                "vendor": "dieboldnixdorf",
                "versions": [
                  {
                    "lessThan": "5.9.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:36:07.439601Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T15:36:39.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vynamic View prior",
              "vendor": "Diebold Nixdorf",
              "versions": [
                {
                  "lessThan": "Upgrade to v5.9.5 or greater",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Itamar Yochpaz, Daniel Alatash - komodosec"
            }
          ],
          "datePublic": "2024-10-06T07:24:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Diebold Nixdorf \u2013 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                }
              ],
              "value": "Diebold Nixdorf \u2013 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-06T07:28:37.226Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to v5.9.5 or greater\u003c/span\u003e"
                }
              ],
              "value": "Upgrade to v5.9.5 or greater"
            }
          ],
          "source": {
            "advisory": "ILVN-2024-0197",
            "discovery": "UNKNOWN"
          },
          "title": "Diebold Nixdorf \u2013 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2024-45245",
        "datePublished": "2024-10-06T07:28:37.226Z",
        "dateReserved": "2024-08-25T06:16:04.248Z",
        "dateUpdated": "2024-10-07T15:36:39.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9062 (GCVE-0-2020-9062)

    Vulnerability from cvelistv5 – Published: 2020-08-21 20:30 – Updated: 2024-09-16 22:15
    VLAI
    Summary
    Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-353 - Missing Support for Integrity Check
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Diebold Nixdorf ProCash 2100xe USB ATM Affected: Wincor Probase 1.1.30
    Create a notification for this product.
    Date Public
    2020-08-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/221785"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/221785"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-9062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T13:25:41.124715Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T13:25:56.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ProCash 2100xe USB ATM",
              "vendor": "Diebold Nixdorf",
              "versions": [
                {
                  "status": "affected",
                  "version": "Wincor Probase 1.1.30"
                }
              ]
            }
          ],
          "datePublic": "2020-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-353",
                  "description": "CWE-353 Missing Support for Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-21T20:30:41.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/221785"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2020-08-20T16:34:00.000Z",
              "ID": "CVE-2020-9062",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ProCash 2100xe USB ATM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "Wincor Probase",
                                "version_value": "1.1.30"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Diebold Nixdorf"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-353 Missing Support for Integrity Check"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306 Missing Authentication for Critical Function"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-311 Missing Encryption of Sensitive Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.cert.org/vuls/id/221785",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/221785"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2020-9062",
        "datePublished": "2020-08-21T20:30:41.251Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:15:09.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }