Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-45133 (GCVE-0-2023-45133)
Vulnerability from cvelistv5 – Published: 2023-10-12 16:17 – Updated: 2025-02-13 17:13
VLAI
EPSS
Title
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Summary
Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.
Severity
9.4 (Critical)
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/babel/babel/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/babel/babel/pull/16033 | x_refsource_MISC |
| https://github.com/babel/babel/commit/b13376b3469… | x_refsource_MISC |
| https://github.com/babel/babel/releases/tag/v7.23.2 | x_refsource_MISC |
| https://github.com/babel/babel/releases/tag/v8.0.… | x_refsource_MISC |
| https://www.debian.org/security/2023/dsa-5528 | |
| https://lists.debian.org/debian-lts-announce/2023… |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"name": "https://github.com/babel/babel/pull/16033",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/babel/babel/pull/16033"
},
{
"name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"name": "https://github.com/babel/babel/releases/tag/v7.23.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5528"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:45:41.131211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:46:03.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "babel",
"vendor": "babel",
"versions": [
{
"status": "affected",
"version": "\u003c 7.23.2"
},
{
"status": "affected",
"version": "\u003e= 8.0.0-alpha.0, \u003c 8.0.0-alpha.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T08:06:11.273Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"name": "https://github.com/babel/babel/pull/16033",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/babel/babel/pull/16033"
},
{
"name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"name": "https://github.com/babel/babel/releases/tag/v7.23.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"url": "https://www.debian.org/security/2023/dsa-5528"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
}
],
"source": {
"advisory": "GHSA-67hx-6x53-jw92",
"discovery": "UNKNOWN"
},
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45133",
"datePublished": "2023-10-12T16:17:08.624Z",
"dateReserved": "2023-10-04T16:02:46.328Z",
"dateUpdated": "2025-02-13T17:13:48.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-45133",
"date": "2026-05-30",
"epss": "0.00093",
"percentile": "0.26012"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-45133\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-10-12T17:15:09.797\",\"lastModified\":\"2024-11-21T08:26:24.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \\\"polyfill provider\\\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.\"},{\"lang\":\"es\",\"value\":\"Babel es un compilador para escribir JavaScript. En `@babel/traverse` anterior a las versiones 7.23.2 y 8.0.0-alpha.4 y en todas las versiones de `babel-traverse`, el uso de Babel para compilar c\u00f3digo manipulado espec\u00edficamente por un atacante puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario durante compilaci\u00f3n, cuando se utilizan complementos que se basan en los m\u00e9todos internos de Babel `path.evaluate()`o `path.evaluateTruthy()`. Los complementos afectados conocidos son `@babel/plugin-transform-runtime`; `@babel/preset-env` cuando se usa su opci\u00f3n `useBuiltIns`; y cualquier complemento de \\\"proveedor de polyfill\\\" que dependa de `@babel/helper-define-polyfill-provider`, como `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin- polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. Ning\u00fan otro complemento bajo el espacio de nombres `@babel/` se ve afectado, pero los complementos de terceros podr\u00edan verse afectados. Los usuarios que solo compilan c\u00f3digo confiable no se ven afectados. La vulnerabilidad se ha solucionado en `@babel/traverse@7.23.2` y `@babel/traverse@8.0.0-alpha.4`. Aquellos que no puedan actualizar `@babel/traverse` y est\u00e9n usando uno de los paquetes afectados mencionados anteriormente deben actualizarlos a su \u00faltima versi\u00f3n para evitar activar la ruta de c\u00f3digo vulnerable en las versiones afectadas `@babel/traverse`: `@babel/plugin- transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, ` babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-184\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-697\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"7.23.2\",\"matchCriteriaId\":\"C20217DD-2967-42B5-A20D-3B7978DEC2D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:8.0.0:alpha.0:*:*:*:nodejs:*:*\",\"matchCriteriaId\":\"3359A5D4-32F2-4128-8E6D-58C556FE5D4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:8.0.0:alpha.1:*:*:*:nodejs:*:*\",\"matchCriteriaId\":\"B7A7E551-6CA9-4D22-A8BC-BDA8F3FE4CD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:8.0.0:alpha.2:*:*:*:nodejs:*:*\",\"matchCriteriaId\":\"0214C42F-5EB9-410E-AB7E-206A5243FEB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:8.0.0:alpha.3:*:*:*:nodejs:*:*\",\"matchCriteriaId\":\"9E8907AD-4095-4579-BF92-AED3416ADA1E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-helper-define-polyfill-provider:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.4.3\",\"matchCriteriaId\":\"EA4E050F-1B8B-44F6-AA89-6457C7CC074F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs2:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.4.6\",\"matchCriteriaId\":\"AE6CEB01-B369-401F-9103-4BBB2FDA267A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs3:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.8.5\",\"matchCriteriaId\":\"3E9E5F4A-2CF4-483A-81F9-055E06913969\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-polyfill-es-shims:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.10.0\",\"matchCriteriaId\":\"B9101BDF-A1D8-4CE4-94F3-B7D986548C7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-polyfill-regenerator:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.5.3\",\"matchCriteriaId\":\"9350BCA6-00A4-4581-BC2B-A5077923E354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-transform-runtime:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"7.23.2\",\"matchCriteriaId\":\"F42788D8-5501-4FC1-828E-D487A4895986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-preset-env:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"7.23.2\",\"matchCriteriaId\":\"90EF976D-050D-4478-9A6E-D694E7451BAA\"}]}]}],\"references\":[{\"url\":\"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/pull/16033\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/babel/babel/releases/tag/v7.23.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5528\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/pull/16033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/babel/babel/releases/tag/v7.23.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"name\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/babel/babel/pull/16033\", \"name\": \"https://github.com/babel/babel/pull/16033\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"name\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"name\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"name\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5528\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:14:19.735Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45133\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-18T15:45:41.131211Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-18T15:45:59.409Z\"}}], \"cna\": {\"title\": \"Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code\", \"source\": {\"advisory\": \"GHSA-67hx-6x53-jw92\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"babel\", \"product\": \"babel\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 7.23.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 8.0.0-alpha.0, \u003c 8.0.0-alpha.4\"}]}], \"references\": [{\"url\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"name\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/babel/babel/pull/16033\", \"name\": \"https://github.com/babel/babel/pull/16033\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"name\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"name\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"name\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5528\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \\\"polyfill provider\\\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-184\", \"description\": \"CWE-184: Incomplete List of Disallowed Inputs\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-10-19T08:06:11.273Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-45133\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:13:48.413Z\", \"dateReserved\": \"2023-10-04T16:02:46.328Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-10-12T16:17:08.624Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0337
Vulnerability from certfr_avis - Published: 2025-04-18 - Updated: 2025-04-18
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.28 | ||
| IBM | QRadar | QRadar Suite Software versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.6.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.28",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2020-35494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35494"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2020-35496",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35496"
},
{
"name": "CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"name": "CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-25584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25584"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2018-18700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18700"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-25588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-35495",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35495"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2019-12972",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12972"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2023-25585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25585"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2020-35507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35507"
},
{
"name": "CVE-2020-35493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35493"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2018-12699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12699"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"initial_release_date": "2025-04-18T00:00:00",
"last_revision_date": "2025-04-18T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0337",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Injection SQL (SQLi)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230739",
"url": "https://www.ibm.com/support/pages/node/7230739"
},
{
"published_at": "2025-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231169",
"url": "https://www.ibm.com/support/pages/node/7231169"
},
{
"published_at": "2025-04-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231051",
"url": "https://www.ibm.com/support/pages/node/7231051"
}
]
}
CERTFR-2025-AVI-0627
Vulnerability from certfr_avis - Published: 2025-07-25 - Updated: 2025-07-25
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Remote Server sans le dernier correctif de sécurité | ||
| IBM | QRadar | Security QRadar Network Threat Analytics versions antérieures à 1.4.0 | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 5.1.2 sur CPD | ||
| IBM | Db2 Query Management Facility | DB2 Query Management Facility versions 13.1.x sans le dernier correctif de sécurité | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Remote Server sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Network Threat Analytics versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 5.1.2 sur CPD",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Query Management Facility versions 13.1.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2 Query Management Facility",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-5629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5629"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2023-46298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46298"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"name": "CVE-2024-52046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2023-32305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
}
],
"initial_release_date": "2025-07-25T00:00:00",
"last_revision_date": "2025-07-25T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0627",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240466",
"url": "https://www.ibm.com/support/pages/node/7240466"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240530",
"url": "https://www.ibm.com/support/pages/node/7240530"
},
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240471",
"url": "https://www.ibm.com/support/pages/node/7240471"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240267",
"url": "https://www.ibm.com/support/pages/node/7240267"
},
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240474",
"url": "https://www.ibm.com/support/pages/node/7240474"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240250",
"url": "https://www.ibm.com/support/pages/node/7240250"
}
]
}
CERTFR-2026-AVI-0249
Vulnerability from certfr_avis - Published: 2026-03-06 - Updated: 2026-03-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.3.0 | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 | ||
| IBM | Tivoli | Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de sécurité | ||
| IBM | Db2 | DB2 Recovery Expert versions antérieures à 5.5.0.1 Interim Fix 8 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.3.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert versions ant\u00e9rieures \u00e0 5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-3154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3154"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2025-22091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22091"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2019-19921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19921"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2024-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9042"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2023-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22043"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-36621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36621"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2018-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5764"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2025-38110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38110"
},
{
"name": "CVE-2020-15115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15115"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2012-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2098"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-25765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25765"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38089"
},
{
"name": "CVE-2023-2727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2727"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-22085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22085"
},
{
"name": "CVE-2025-50537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50537"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21626"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-14689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2025-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0426"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2023-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22044"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-2728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2728"
},
{
"name": "CVE-2024-7143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7143"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2024-36623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36623"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-06T00:00:00",
"last_revision_date": "2026-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262753",
"url": "https://www.ibm.com/support/pages/node/7262753"
},
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262754",
"url": "https://www.ibm.com/support/pages/node/7262754"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262324",
"url": "https://www.ibm.com/support/pages/node/7262324"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262669",
"url": "https://www.ibm.com/support/pages/node/7262669"
},
{
"published_at": "2026-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262494",
"url": "https://www.ibm.com/support/pages/node/7262494"
},
{
"published_at": "2026-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262548",
"url": "https://www.ibm.com/support/pages/node/7262548"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262325",
"url": "https://www.ibm.com/support/pages/node/7262325"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
}
]
}
FKIE_CVE-2023-45133
Vulnerability from fkie_nvd - Published: 2023-10-12 17:15 - Updated: 2024-11-21 08:26
Severity
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| babeljs | babel | * | |
| babeljs | babel | 8.0.0 | |
| babeljs | babel | 8.0.0 | |
| babeljs | babel | 8.0.0 | |
| babeljs | babel | 8.0.0 | |
| babeljs | babel-helper-define-polyfill-provider | * | |
| babeljs | babel-plugin-polyfill-corejs2 | * | |
| babeljs | babel-plugin-polyfill-corejs3 | * | |
| babeljs | babel-plugin-polyfill-es-shims | * | |
| babeljs | babel-plugin-polyfill-regenerator | * | |
| babeljs | babel-plugin-transform-runtime | * | |
| babeljs | babel-preset-env | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:babeljs:babel:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "C20217DD-2967-42B5-A20D-3B7978DEC2D3",
"versionEndExcluding": "7.23.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.0:*:*:*:nodejs:*:*",
"matchCriteriaId": "3359A5D4-32F2-4128-8E6D-58C556FE5D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.1:*:*:*:nodejs:*:*",
"matchCriteriaId": "B7A7E551-6CA9-4D22-A8BC-BDA8F3FE4CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.2:*:*:*:nodejs:*:*",
"matchCriteriaId": "0214C42F-5EB9-410E-AB7E-206A5243FEB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.3:*:*:*:nodejs:*:*",
"matchCriteriaId": "9E8907AD-4095-4579-BF92-AED3416ADA1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:babeljs:babel-helper-define-polyfill-provider:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "EA4E050F-1B8B-44F6-AA89-6457C7CC074F",
"versionEndExcluding": "0.4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs2:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "AE6CEB01-B369-401F-9103-4BBB2FDA267A",
"versionEndExcluding": "0.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs3:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "3E9E5F4A-2CF4-483A-81F9-055E06913969",
"versionEndExcluding": "0.8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-es-shims:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "B9101BDF-A1D8-4CE4-94F3-B7D986548C7E",
"versionEndExcluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-regenerator:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "9350BCA6-00A4-4581-BC2B-A5077923E354",
"versionEndExcluding": "0.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel-plugin-transform-runtime:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "F42788D8-5501-4FC1-828E-D487A4895986",
"versionEndExcluding": "7.23.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel-preset-env:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "90EF976D-050D-4478-9A6E-D694E7451BAA",
"versionEndExcluding": "7.23.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."
},
{
"lang": "es",
"value": "Babel es un compilador para escribir JavaScript. En `@babel/traverse` anterior a las versiones 7.23.2 y 8.0.0-alpha.4 y en todas las versiones de `babel-traverse`, el uso de Babel para compilar c\u00f3digo manipulado espec\u00edficamente por un atacante puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario durante compilaci\u00f3n, cuando se utilizan complementos que se basan en los m\u00e9todos internos de Babel `path.evaluate()`o `path.evaluateTruthy()`. Los complementos afectados conocidos son `@babel/plugin-transform-runtime`; `@babel/preset-env` cuando se usa su opci\u00f3n `useBuiltIns`; y cualquier complemento de \"proveedor de polyfill\" que dependa de `@babel/helper-define-polyfill-provider`, como `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin- polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. Ning\u00fan otro complemento bajo el espacio de nombres `@babel/` se ve afectado, pero los complementos de terceros podr\u00edan verse afectados. Los usuarios que solo compilan c\u00f3digo confiable no se ven afectados. La vulnerabilidad se ha solucionado en `@babel/traverse@7.23.2` y `@babel/traverse@8.0.0-alpha.4`. Aquellos que no puedan actualizar `@babel/traverse` y est\u00e9n usando uno de los paquetes afectados mencionados anteriormente deben actualizarlos a su \u00faltima versi\u00f3n para evitar activar la ruta de c\u00f3digo vulnerable en las versiones afectadas `@babel/traverse`: `@babel/plugin- transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, ` babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."
}
],
"id": "CVE-2023-45133",
"lastModified": "2024-11-21T08:26:24.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-12T17:15:09.797",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/babel/babel/pull/16033"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://www.debian.org/security/2023/dsa-5528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/babel/babel/pull/16033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://www.debian.org/security/2023/dsa-5528"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-184"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-67HX-6X53-JW92
Vulnerability from github – Published: 2023-10-16 13:55 – Updated: 2024-04-04 14:26
VLAI
Summary
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Details
Impact
Using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate()or path.evaluateTruthy() internal Babel methods.
Known affected plugins are:
- @babel/plugin-transform-runtime
- @babel/preset-env when using its useBuiltIns option
- Any "polyfill provider" plugin that depends on @babel/helper-define-polyfill-provider, such as babel-plugin-polyfill-corejs3, babel-plugin-polyfill-corejs2, babel-plugin-polyfill-es-shims, babel-plugin-polyfill-regenerator
No other plugins under the @babel/ namespace are impacted, but third-party plugins might be.
Users that only compile trusted code are not impacted.
Patches
The vulnerability has been fixed in @babel/traverse@7.23.2.
Babel 6 does not receive security fixes anymore (see Babel's security policy), hence there is no patch planned for babel-traverse@6.
Workarounds
- Upgrade
@babel/traverseto v7.23.2 or higher. You can do this by deleting it from your package manager's lockfile and re-installing the dependencies.@babel/core>=7.23.2 will automatically pull in a non-vulnerable version. - If you cannot upgrade
@babel/traverseand are using one of the affected packages mentioned above, upgrade them to their latest version to avoid triggering the vulnerable code path in affected@babel/traverseversions: @babel/plugin-transform-runtimev7.23.2@babel/preset-envv7.23.2@babel/helper-define-polyfill-providerv0.4.3babel-plugin-polyfill-corejs2v0.4.6babel-plugin-polyfill-corejs3v0.8.5babel-plugin-polyfill-es-shimsv0.10.0babel-plugin-polyfill-regeneratorv0.5.3
Severity
9.3 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@babel/traverse"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.23.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@babel/traverse"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0-alpha.0"
},
{
"fixed": "8.0.0-alpha.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 7.23.2"
},
"package": {
"ecosystem": "npm",
"name": "babel-traverse"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-45133"
],
"database_specific": {
"cwe_ids": [
"CWE-184",
"CWE-697"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-16T13:55:36Z",
"nvd_published_at": "2023-10-12T17:15:09Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nUsing Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods.\n\nKnown affected plugins are:\n- `@babel/plugin-transform-runtime`\n- `@babel/preset-env` when using its [`useBuiltIns`](https://babeljs.io/docs/babel-preset-env#usebuiltins) option\n- Any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`\n\nNo other plugins under the `@babel/` namespace are impacted, but third-party plugins might be.\n\n**Users that only compile trusted code are not impacted.**\n\n### Patches\n\nThe vulnerability has been fixed in `@babel/traverse@7.23.2`.\n\nBabel 6 does not receive security fixes anymore (see [Babel\u0027s security policy](https://github.com/babel/babel/security/policy)), hence there is no patch planned for `babel-traverse@6`.\n\n### Workarounds\n\n- Upgrade `@babel/traverse` to v7.23.2 or higher. You can do this by deleting it from your package manager\u0027s lockfile and re-installing the dependencies. `@babel/core` \u003e=7.23.2 will automatically pull in a non-vulnerable version.\n- If you cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above, upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions:\n - `@babel/plugin-transform-runtime` v7.23.2\n - `@babel/preset-env` v7.23.2\n - `@babel/helper-define-polyfill-provider` v0.4.3\n - `babel-plugin-polyfill-corejs2` v0.4.6\n - `babel-plugin-polyfill-corejs3` v0.8.5\n - `babel-plugin-polyfill-es-shims` v0.10.0\n - `babel-plugin-polyfill-regenerator` v0.5.3",
"id": "GHSA-67hx-6x53-jw92",
"modified": "2024-04-04T14:26:10Z",
"published": "2023-10-16T13:55:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45133"
},
{
"type": "WEB",
"url": "https://github.com/babel/babel/pull/16033"
},
{
"type": "WEB",
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"type": "WEB",
"url": "https://babeljs.io/blog/2023/10/16/cve-2023-45133"
},
{
"type": "PACKAGE",
"url": "https://github.com/babel/babel"
},
{
"type": "WEB",
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"type": "WEB",
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5528"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code"
}
GSD-2023-45133
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-45133",
"id": "GSD-2023-45133"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-45133"
],
"details": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.",
"id": "GSD-2023-45133",
"modified": "2023-12-13T01:20:38.398768Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-45133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "babel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 7.23.2"
},
{
"version_affected": "=",
"version_value": "\u003e= 8.0.0-alpha.0, \u003c 8.0.0-alpha.4"
}
]
}
}
]
},
"vendor_name": "babel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-184",
"lang": "eng",
"value": "CWE-184: Incomplete List of Disallowed Inputs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92",
"refsource": "MISC",
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"name": "https://github.com/babel/babel/pull/16033",
"refsource": "MISC",
"url": "https://github.com/babel/babel/pull/16033"
},
{
"name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82",
"refsource": "MISC",
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"name": "https://github.com/babel/babel/releases/tag/v7.23.2",
"refsource": "MISC",
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4",
"refsource": "MISC",
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"name": "https://www.debian.org/security/2023/dsa-5528",
"refsource": "MISC",
"url": "https://www.debian.org/security/2023/dsa-5528"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
}
]
},
"source": {
"advisory": "GHSA-67hx-6x53-jw92",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.1:*:*:*:nodejs:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.2:*:*:*:nodejs:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.3:*:*:*:nodejs:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.0:*:*:*:nodejs:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "7.23.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-plugin-polyfill-regenerator:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "0.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-plugin-polyfill-es-shims:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "0.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs3:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "0.8.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs2:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "0.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-helper-define-polyfill-provider:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "0.4.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-preset-env:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "7.23.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-plugin-transform-runtime:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "7.23.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-45133"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"name": "https://github.com/babel/babel/pull/16033",
"refsource": "MISC",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/babel/babel/pull/16033"
},
{
"name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"name": "https://github.com/babel/babel/releases/tag/v7.23.2",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"name": "https://www.debian.org/security/2023/dsa-5528",
"refsource": "MISC",
"tags": [
"Issue Tracking"
],
"url": "https://www.debian.org/security/2023/dsa-5528"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
},
"lastModifiedDate": "2023-10-24T16:52Z",
"publishedDate": "2023-10-12T17:15Z"
}
}
}
ICSA-25-317-15
Vulnerability from csaf_cisa - Published: 2025-11-11 00:00 - Updated: 2025-11-11 00:00Summary
Siemens COMOS
Notes
Summary: COMOS is affected by two vulnerabilities that could allow an attacker to execute arbitrary code or lead to data infiltration.
Siemens has released a new version for COMOS and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer: This ICSA is a verbatim republication of Siemens ProductCERT SSA-682326 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
References
10 references
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "COMOS is affected by two vulnerabilities that could allow an attacker to execute arbitrary code or lead to data infiltration. \n\nSiemens has released a new version for COMOS and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-682326 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-682326: Multiple Vulnerabilities in COMOS before V10.4.5 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-682326.json"
},
{
"category": "self",
"summary": "SSA-682326: Multiple Vulnerabilities in COMOS before V10.4.5 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-682326.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-317-15 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-317-15.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-317-15 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-15"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Siemens COMOS",
"tracking": {
"current_release_date": "2025-11-11T00:00:00.000000Z",
"generator": {
"date": "2025-11-13T15:08:52.829524Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-317-15",
"initial_release_date": "2025-11-11T00:00:00.000000Z",
"revision_history": [
{
"date": "2025-11-11T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c10.4.5",
"product": {
"name": "COMOS",
"product_id": "CSAFPID-0001"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c10.4.5",
"product": {
"name": "COMOS",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "COMOS"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45133",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"notes": [
{
"category": "summary",
"text": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V10.4.5 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.sw.siemens.com/product/222981661/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-45133"
},
{
"cve": "CVE-2024-0056",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V10.4.5 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/product/222981661/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "CVE-2024-0056"
}
]
}
MSRC_CVE-2023-45133
Vulnerability from csaf_microsoft - Published: 2023-10-01 00:00 - Updated: 2026-02-18 15:01Summary
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
CWE-184
- Incomplete List of Disallowed Inputs
Affected products
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-1 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-45133.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"tracking": {
"current_release_date": "2026-02-18T15:01:49.000Z",
"generator": {
"date": "2026-02-21T02:42:38.592Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-45133",
"initial_release_date": "2023-10-01T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-04T00:00:04.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-18T15:01:49.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"category": "product_name",
"name": "azl3 babel 2.12.1-1",
"product": {
"name": "azl3 babel 2.12.1-1",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 babel 2.12.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45133",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"known_not_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-45133.json"
}
],
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code"
}
]
}
NCSC-2025-0357
Vulnerability from csaf_ncscnl - Published: 2025-11-11 18:14 - Updated: 2025-11-11 18:14Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Siemens heeft kwetsbaarheden verholpen in diverse producten als Altair Grid Engine, COMOS, LOGO, SICAM, SIDOOR, SIMATIC, SIPLUS, Spectrum Power en Solid Edge.
Interpretaties: De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- (Remote) code execution (root/admin rechten)
- Toegang tot systeemgegevens
- Toegang tot gevoelige gegevens
- Verhogen van rechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen: Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-125: Out-of-bounds Read
CWE-184: Incomplete List of Disallowed Inputs
CWE-209: Generation of Error Message Containing Sensitive Information
CWE-266: Incorrect Privilege Assignment
CWE-295: Improper Certificate Validation
CWE-306: Missing Authentication for Critical Function
CWE-319: Cleartext Transmission of Sensitive Information
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-420: Unprotected Alternate Channel
CWE-427: Uncontrolled Search Path Element
CWE-648: Incorrect Use of Privileged APIs
CWE-697: Incorrect Comparison
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
A vulnerability in all versions of POWER METER SICAM Q100 prior to V2.60 allows Cross-Site Request Forgery attacks via the web interface, enabling unauthorized actions through deceptive links clicked by authenticated users.
8.8 (High)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
All versions of POWER METER SICAM Q100 prior to V2.60 are vulnerable due to the lack of cookie protection flags, allowing attackers to impersonate legitimate users via session token access.
CWE-732 - Incorrect Permission Assignment for Critical ResourceAffected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
Babel and Splunk Enterprise have multiple vulnerabilities allowing arbitrary code execution, with Babel's flaws in specific methods and Splunk's third-party component errors posing significant risks.
9.3 (Critical)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
Siemens and Microsoft have addressed multiple vulnerabilities across various products, including COMOS, .NET Framework, and SQL Data Providers, which could enable significant security breaches and data exposure.
8.7 (High)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
The application contains a local privilege escalation vulnerability due to an exposed debug interface, allowing local users to execute code with administrative privileges.
7.8 (High)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
The application contains a local privilege escalation vulnerability due to improper permissions on a binary, allowing local attackers to gain administrative privileges.
7.8 (High)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
The application contains a vulnerability that exposes database credentials through a publicly accessible file, allowing attackers to connect as privileged users and execute system commands.
7.8 (High)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
The application contains a vulnerability that permits arbitrary command execution via its user interface, which is accessible over the network and operates with administrative privileges.
8.8 (High)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
The application contains a vulnerability that allows an attacker to alter the local database of application credentials, potentially leading to unauthorized administrative access.
4.7 (Medium)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
Multiple vulnerabilities have been identified in various HPE servers and the TCG TPM2.0 Reference implementation, including Out-of-Bounds read issues and local denial of service exploits.
6.6 (Medium)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
Affected applications exhibit inadequate validation of client certificates for the License Service endpoint, which may allow remote attackers to perform man-in-the-middle attacks.
7.5 (High)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
The affected products inadequately handle error messages, potentially exposing sensitive password hash information during user authentication, which could allow local attackers to extract and brute-force privileged account passwords.
5.5 (Medium)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
The document outlines a vulnerability in specific products that inadequately validate environment variables during shared library loading, enabling local attackers to execute arbitrary code with superuser privileges via path hijacking.
7.8 (High)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
Devices with vulnerabilities in TCP packet structure validation may allow attackers to exploit buffer overflows and execute arbitrary code.
7.2 (High)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
Affected devices lack necessary validations, allowing unauthenticated remote attackers to change the device's IP address, making it unreachable.
7.6 (High)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
Affected devices lack necessary validations, allowing unauthenticated remote attackers to alter the device's time, which may lead to unintended operational behavior.
6.5 (Medium)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
The application is vulnerable to DLL hijacking, allowing attackers to execute arbitrary code by placing a malicious DLL file on the system.
7.8 (High)
Affected products
Known affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Altair Grid Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / INTRALOG WMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / JT2Go (Application)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCE (6ED1052-1FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 230RCEo (6ED1052-2FB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CE (6ED1052-1CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24CEo (6ED1052-2CC08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCE (6ED1052-1HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / LOGO! 24RCEo (6ED1052-2HB08-0BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / POWER METER SICAM Q200 family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Q200 Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8500-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 (7KG8501-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P850 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA10-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8550-0AA30-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA01-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA02-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA11-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA12-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA31-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-0AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 (7KG8551-0AA32-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM P855 Firmware (OS)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Sidis Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens Software Center
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2022 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siveillance Video 2023 R3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Spectrum Power 4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Teamcenter Visualization
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / q200_firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Power Meter Sicam Q200 Family
|
vers:unknown/* |
References
23 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Altair Grid Engine, COMOS, LOGO, SICAM, SIDOOR, SIMATIC, SIPLUS, Spectrum Power en Solid Edge.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- (Remote) code execution (root/admin rechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n- Verhogen van rechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Incomplete List of Disallowed Inputs",
"title": "CWE-184"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Incorrect Privilege Assignment",
"title": "CWE-266"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Unprotected Alternate Channel",
"title": "CWE-420"
},
{
"category": "general",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "general",
"text": "Incorrect Use of Privileged APIs",
"title": "CWE-648"
},
{
"category": "general",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-201498.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-267056.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-339694.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-514895.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-522291.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-682326.html"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2025-11-11T18:14:44.487803Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0357",
"initial_release_date": "2025-11-11T18:14:44.487803Z",
"revision_history": [
{
"date": "2025-11-11T18:14:44.487803Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Altair Grid Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "COMOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "INTRALOG WMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "JT2Go (Application)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "LOGO! 12/24RCE (6ED1052-1MD08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "LOGO! 230RCE (6ED1052-1FB08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "LOGO! 230RCEo (6ED1052-2FB08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "LOGO! 24CE (6ED1052-1CC08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "LOGO! 24CEo (6ED1052-2CC08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "LOGO! 24RCE (6ED1052-1HB08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "LOGO! 24RCEo (6ED1052-2HB08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "POWER METER SICAM Q100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "POWER METER SICAM Q200 family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Power Meter Sicam Q100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Power Meter Sicam Q200 Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Q200 Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "SICAM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8500-0AA00-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8500-0AA00-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8500-0AA10-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8500-0AA10-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8500-0AA30-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8500-0AA30-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA01-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA01-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA02-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA02-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-33"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA11-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-34"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA11-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-35"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA12-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-36"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA12-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-37"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA31-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-38"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA31-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-39"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA32-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-40"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA32-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-41"
}
}
],
"category": "product_name",
"name": "SICAM P850 Firmware (OS)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-42"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8550-0AA00-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-43"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8550-0AA00-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-44"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8550-0AA10-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-45"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8550-0AA10-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-46"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8550-0AA30-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-47"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8550-0AA30-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-48"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA01-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-49"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA01-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-50"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA02-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-51"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA02-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-52"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA11-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-53"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA11-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-54"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA12-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-55"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA12-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-56"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA31-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-57"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA31-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-58"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA32-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-59"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA32-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-60"
}
}
],
"category": "product_name",
"name": "SICAM P855 Firmware (OS)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-61"
}
}
],
"category": "product_name",
"name": "SIDIS Prime"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-62"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-63"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-64"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-65"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-66"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-67"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-68"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-69"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-70"
}
}
],
"category": "product_name",
"name": "Sidis Prime"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-71"
}
}
],
"category": "product_name",
"name": "Siemens SICAM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-72"
}
}
],
"category": "product_name",
"name": "Siemens Software Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-73"
}
}
],
"category": "product_name",
"name": "Siveillance Video"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-74"
}
}
],
"category": "product_name",
"name": "Siveillance Video 2022 R1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-75"
}
}
],
"category": "product_name",
"name": "Siveillance Video 2022 R2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-76"
}
}
],
"category": "product_name",
"name": "Siveillance Video 2022 R3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-77"
}
}
],
"category": "product_name",
"name": "Siveillance Video 2023 R1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-78"
}
}
],
"category": "product_name",
"name": "Siveillance Video 2023 R2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-79"
}
}
],
"category": "product_name",
"name": "Siveillance Video 2023 R3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-80"
}
}
],
"category": "product_name",
"name": "Solid Edge SE2025"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-81"
}
}
],
"category": "product_name",
"name": "Spectrum Power 4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-82"
}
}
],
"category": "product_name",
"name": "Teamcenter Visualization"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-83"
}
}
],
"category": "product_name",
"name": "q200_firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-84"
}
}
],
"category": "product_name",
"name": "\u200bPower Meter Sicam Q200 Family"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-30901",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "description",
"text": "A vulnerability in all versions of POWER METER SICAM Q100 prior to V2.60 allows Cross-Site Request Forgery attacks via the web interface, enabling unauthorized actions through deceptive links clicked by authenticated users.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-30901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-30901.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2023-30901"
},
{
"cve": "CVE-2023-31238",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "description",
"text": "All versions of POWER METER SICAM Q100 prior to V2.60 are vulnerable due to the lack of cookie protection flags, allowing attackers to impersonate legitimate users via session token access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-31238 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-31238.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2023-31238"
},
{
"cve": "CVE-2023-45133",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"notes": [
{
"category": "other",
"text": "Incomplete List of Disallowed Inputs",
"title": "CWE-184"
},
{
"category": "other",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "description",
"text": "Babel and Splunk Enterprise have multiple vulnerabilities allowing arbitrary code execution, with Babel\u0027s flaws in specific methods and Splunk\u0027s third-party component errors posing significant risks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-45133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2023-45133"
},
{
"cve": "CVE-2024-0056",
"cwe": {
"id": "CWE-420",
"name": "Unprotected Alternate Channel"
},
"notes": [
{
"category": "other",
"text": "Unprotected Alternate Channel",
"title": "CWE-420"
},
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "description",
"text": "Siemens and Microsoft have addressed multiple vulnerabilities across various products, including COMOS, .NET Framework, and SQL Data Providers, which could enable significant security breaches and data exposure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0056 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-0056.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2024-0056"
},
{
"cve": "CVE-2024-32008",
"cwe": {
"id": "CWE-648",
"name": "Incorrect Use of Privileged APIs"
},
"notes": [
{
"category": "other",
"text": "Incorrect Use of Privileged APIs",
"title": "CWE-648"
},
{
"category": "description",
"text": "The application contains a local privilege escalation vulnerability due to an exposed debug interface, allowing local users to execute code with administrative privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32008 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-32008.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2024-32008"
},
{
"cve": "CVE-2024-32009",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"notes": [
{
"category": "other",
"text": "Incorrect Privilege Assignment",
"title": "CWE-266"
},
{
"category": "description",
"text": "The application contains a local privilege escalation vulnerability due to improper permissions on a binary, allowing local attackers to gain administrative privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-32009.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2024-32009"
},
{
"cve": "CVE-2024-32010",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "description",
"text": "The application contains a vulnerability that exposes database credentials through a publicly accessible file, allowing attackers to connect as privileged users and execute system commands.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32010 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-32010.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2024-32010"
},
{
"cve": "CVE-2024-32011",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"notes": [
{
"category": "other",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
},
{
"category": "description",
"text": "The application contains a vulnerability that permits arbitrary command execution via its user interface, which is accessible over the network and operates with administrative privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32011 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-32011.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2024-32011"
},
{
"cve": "CVE-2024-32014",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "description",
"text": "The application contains a vulnerability that allows an attacker to alter the local database of application credentials, potentially leading to unauthorized administrative access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32014 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-32014.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2024-32014"
},
{
"cve": "CVE-2025-2884",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in various HPE servers and the TCG TPM2.0 Reference implementation, including Out-of-Bounds read issues and local denial of service exploits.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-2884 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-2884.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-2884"
},
{
"cve": "CVE-2025-40744",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "Affected applications exhibit inadequate validation of client certificates for the License Service endpoint, which may allow remote attackers to perform man-in-the-middle attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40744 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40744.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40744"
},
{
"cve": "CVE-2025-40760",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "description",
"text": "The affected products inadequately handle error messages, potentially exposing sensitive password hash information during user authentication, which could allow local attackers to extract and brute-force privileged account passwords.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40760 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40760.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40760"
},
{
"cve": "CVE-2025-40763",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "description",
"text": "The document outlines a vulnerability in specific products that inadequately validate environment variables during shared library loading, enabling local attackers to execute arbitrary code with superuser privileges via path hijacking.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40763 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40763.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40763"
},
{
"cve": "CVE-2025-40815",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "Devices with vulnerabilities in TCP packet structure validation may allow attackers to exploit buffer overflows and execute arbitrary code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40815 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40815.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40815"
},
{
"cve": "CVE-2025-40816",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "Affected devices lack necessary validations, allowing unauthenticated remote attackers to change the device\u0027s IP address, making it unreachable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40816 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40816.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40816"
},
{
"cve": "CVE-2025-40817",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "Affected devices lack necessary validations, allowing unauthenticated remote attackers to alter the device\u0027s time, which may lead to unintended operational behavior.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40817"
},
{
"cve": "CVE-2025-40827",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "description",
"text": "The application is vulnerable to DLL hijacking, allowing attackers to execute arbitrary code by placing a malicious DLL file on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40827 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40827.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40827"
}
]
}
OPENSUSE-SU-2024:13360-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
teleport-14.1.1-1.1 on GA media
Severity
Important
Notes
Title of the patch: teleport-14.1.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the teleport-14.1.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13360
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.3 (Critical)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "teleport-14.1.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the teleport-14.1.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13360",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13360-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44487 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45133 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45142 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45142/"
}
],
"title": "teleport-14.1.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13360-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "teleport-14.1.1-1.1.aarch64",
"product": {
"name": "teleport-14.1.1-1.1.aarch64",
"product_id": "teleport-14.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tbot-14.1.1-1.1.aarch64",
"product": {
"name": "teleport-tbot-14.1.1-1.1.aarch64",
"product_id": "teleport-tbot-14.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tctl-14.1.1-1.1.aarch64",
"product": {
"name": "teleport-tctl-14.1.1-1.1.aarch64",
"product_id": "teleport-tctl-14.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tsh-14.1.1-1.1.aarch64",
"product": {
"name": "teleport-tsh-14.1.1-1.1.aarch64",
"product_id": "teleport-tsh-14.1.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "teleport-14.1.1-1.1.ppc64le",
"product": {
"name": "teleport-14.1.1-1.1.ppc64le",
"product_id": "teleport-14.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tbot-14.1.1-1.1.ppc64le",
"product": {
"name": "teleport-tbot-14.1.1-1.1.ppc64le",
"product_id": "teleport-tbot-14.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tctl-14.1.1-1.1.ppc64le",
"product": {
"name": "teleport-tctl-14.1.1-1.1.ppc64le",
"product_id": "teleport-tctl-14.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tsh-14.1.1-1.1.ppc64le",
"product": {
"name": "teleport-tsh-14.1.1-1.1.ppc64le",
"product_id": "teleport-tsh-14.1.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "teleport-14.1.1-1.1.s390x",
"product": {
"name": "teleport-14.1.1-1.1.s390x",
"product_id": "teleport-14.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tbot-14.1.1-1.1.s390x",
"product": {
"name": "teleport-tbot-14.1.1-1.1.s390x",
"product_id": "teleport-tbot-14.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tctl-14.1.1-1.1.s390x",
"product": {
"name": "teleport-tctl-14.1.1-1.1.s390x",
"product_id": "teleport-tctl-14.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tsh-14.1.1-1.1.s390x",
"product": {
"name": "teleport-tsh-14.1.1-1.1.s390x",
"product_id": "teleport-tsh-14.1.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "teleport-14.1.1-1.1.x86_64",
"product": {
"name": "teleport-14.1.1-1.1.x86_64",
"product_id": "teleport-14.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tbot-14.1.1-1.1.x86_64",
"product": {
"name": "teleport-tbot-14.1.1-1.1.x86_64",
"product_id": "teleport-tbot-14.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tctl-14.1.1-1.1.x86_64",
"product": {
"name": "teleport-tctl-14.1.1-1.1.x86_64",
"product_id": "teleport-tctl-14.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tsh-14.1.1-1.1.x86_64",
"product": {
"name": "teleport-tsh-14.1.1-1.1.x86_64",
"product_id": "teleport-tsh-14.1.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-14.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64"
},
"product_reference": "teleport-14.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-14.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le"
},
"product_reference": "teleport-14.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-14.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x"
},
"product_reference": "teleport-14.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-14.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64"
},
"product_reference": "teleport-14.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-14.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64"
},
"product_reference": "teleport-tbot-14.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-14.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le"
},
"product_reference": "teleport-tbot-14.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-14.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x"
},
"product_reference": "teleport-tbot-14.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-14.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64"
},
"product_reference": "teleport-tbot-14.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-14.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64"
},
"product_reference": "teleport-tctl-14.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-14.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le"
},
"product_reference": "teleport-tctl-14.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-14.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x"
},
"product_reference": "teleport-tctl-14.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-14.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64"
},
"product_reference": "teleport-tctl-14.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-14.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64"
},
"product_reference": "teleport-tsh-14.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-14.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le"
},
"product_reference": "teleport-tsh-14.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-14.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x"
},
"product_reference": "teleport-tsh-14.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-14.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
},
"product_reference": "teleport-tsh-14.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-44487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44487"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44487",
"url": "https://www.suse.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "SUSE Bug 1216109 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216109"
},
{
"category": "external",
"summary": "SUSE Bug 1216123 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216123"
},
{
"category": "external",
"summary": "SUSE Bug 1216169 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216169"
},
{
"category": "external",
"summary": "SUSE Bug 1216171 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216171"
},
{
"category": "external",
"summary": "SUSE Bug 1216174 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216174"
},
{
"category": "external",
"summary": "SUSE Bug 1216176 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216176"
},
{
"category": "external",
"summary": "SUSE Bug 1216181 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216181"
},
{
"category": "external",
"summary": "SUSE Bug 1216182 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "external",
"summary": "SUSE Bug 1216190 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45133"
}
],
"notes": [
{
"category": "general",
"text": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45133",
"url": "https://www.suse.com/security/cve/CVE-2023-45133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-45133"
},
{
"cve": "CVE-2023-45142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45142"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45142",
"url": "https://www.suse.com/security/cve/CVE-2023-45142"
},
{
"category": "external",
"summary": "SUSE Bug 1228553 for CVE-2023-45142",
"url": "https://bugzilla.suse.com/1228553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-45142"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…