Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-48795 (GCVE-0-2023-48795)
Vulnerability from cvelistv5 – Published: 2023-12-18 00:00 – Updated: 2026-05-12 11:02
VLAI
EPSS
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Severity
5.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
139 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:05:21.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.paramiko.org/changelog.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/openbsd.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.terrapin-attack.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"tags": [
"x_transferred"
],
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.gentoo.org/920280"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"tags": [
"x_transferred"
],
"url": "https://crates.io/crates/thrussh/versions"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"tags": [
"x_transferred"
],
"url": "https://filezilla-project.org/versions.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://nova.app/releases/#v11.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"tags": [
"x_transferred"
],
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-48795",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-22T05:01:05.519910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:45:57.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:02:25.905Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:06:23.972Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"url": "https://www.paramiko.org/changelog.html"
},
{
"url": "https://www.openssh.com/openbsd.html"
},
{
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"url": "https://www.terrapin-attack.com"
},
{
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"url": "https://bugs.gentoo.org/920280"
},
{
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"url": "https://crates.io/crates/thrussh/versions"
},
{
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"url": "https://filezilla-project.org/versions.php"
},
{
"url": "https://nova.app/releases/#v11.8"
},
{
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48795",
"datePublished": "2023-12-18T00:00:00.000Z",
"dateReserved": "2023-11-20T00:00:00.000Z",
"dateUpdated": "2026-05-12T11:02:25.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-48795",
"date": "2026-06-04",
"epss": "0.54214",
"percentile": "0.98064"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-48795\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-12-18T16:15:10.897\",\"lastModified\":\"2026-05-12T11:16:15.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\"},{\"lang\":\"es\",\"value\":\"El protocolo de transporte SSH con ciertas extensiones OpenSSH, que se encuentra en OpenSSH anterior a 9.6 y otros productos, permite a atacantes remotos eludir las comprobaciones de integridad de modo que algunos paquetes se omiten (del mensaje de negociaci\u00f3n de extensi\u00f3n) y, en consecuencia, un cliente y un servidor pueden terminar con una conexi\u00f3n para la cual algunas caracter\u00edsticas de seguridad han sido degradadas o deshabilitadas, tambi\u00e9n conocido como un ataque Terrapin. Esto ocurre porque SSH Binary Packet Protocol (BPP), implementado por estas extensiones, maneja mal la fase de protocolo de enlace y el uso de n\u00fameros de secuencia. Por ejemplo, existe un ataque eficaz contra ChaCha20-Poly1305 (y CBC con Encrypt-then-MAC). La omisi\u00f3n se produce en chacha20-poly1305@openssh.com y (si se utiliza CBC) en los algoritmos MAC -etm@openssh.com. Esto tambi\u00e9n afecta a Maverick Synergy Java SSH API anterior a 3.1.0-SNAPSHOT, Dropbear hasta 2022.83, Ssh anterior a 5.1.1 en Erlang/OTP, PuTTY anterior a 0.80 y AsyncSSH anterior a 2.14.2; y podr\u00eda haber efectos en Bitvise SSH hasta la versi\u00f3n 9.31, libssh hasta la 0.10.5 y golang.org/x/crypto hasta el 17 de diciembre de 2023.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-354\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-354\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.6\",\"matchCriteriaId\":\"5308FBBB-F738-41C5-97A4-E40118E957CD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.80\",\"matchCriteriaId\":\"A9D807DB-9E20-4792-8A9F-4BFFC841BAB7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.66.4\",\"matchCriteriaId\":\"42915485-A4DA-48DD-9C15-415D2D39DC52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.10.4\",\"matchCriteriaId\":\"31FFE0AA-FC25-40DE-8EE9-7F4C80ABDE4F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.8\",\"matchCriteriaId\":\"F2FCF7EF-97D7-44CF-AC74-72D856901755\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.4\",\"matchCriteriaId\":\"53CAD263-1C60-43BD-86A2-C8DB15FFB4C6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.2\",\"matchCriteriaId\":\"8FA57F20-C9C1-40A7-B2CD-F3440CCF1D66\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.33\",\"matchCriteriaId\":\"6209E375-10C7-4E65-A2E7-455A686717AC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.32\",\"matchCriteriaId\":\"1A05CC3C-19C5-4BAA-ABA2-EE1795E0BE81\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.66.4\",\"matchCriteriaId\":\"3A71B523-0778-46C6-A38B-64452E0BB6E7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1C91308-15E5-40AF-B4D5-3CAD7BC65DDF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"418940E3-6DD1-4AA6-846A-03E059D0C681\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"411BA58A-33B6-44CA-B9D6-7F9042D46961\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA17A153-30E4-4731-8706-8F74FCA50993\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB736F57-9BE3-4457-A10E-FA88D0932154\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.3\",\"matchCriteriaId\":\"6EB8D02D-87F3-414D-A3EA-43F594DAAC1B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.10.6\",\"matchCriteriaId\":\"AAB481DA-FBFE-4CC2-9AE7-22025FA07494\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"3D6FD459-F8E8-4126-8097-D30B4639404A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*\",\"versionEndIncluding\":\"1.11.0\",\"matchCriteriaId\":\"69510F52-C699-4E7D-87EF-7000682888F0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.8b\",\"matchCriteriaId\":\"9461430B-3709-45B6-8858-2101F5AE4481\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.4\",\"matchCriteriaId\":\"B9A01DF3-E20E-4F29-B5CF-DDF717D01E74\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.35.1\",\"matchCriteriaId\":\"D25EB73D-6145-4B7D-8F14-80FD0B458E99\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1\",\"matchCriteriaId\":\"77594DEC-B5F7-4911-A13D-FFE91C74BAFA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.4\",\"matchCriteriaId\":\"F8FF7E74-2351-4CD9-B717-FA28893293A1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.6.0\",\"matchCriteriaId\":\"82A93C12-FEB6-4E82-B283-0ED7820D807E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"build__0144\",\"matchCriteriaId\":\"B480AE79-2FA1-4281-9F0D-0DE812B9354D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.4.0\",\"matchCriteriaId\":\"826B6323-06F8-4B96-8771-3FA15A727B08\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCC81071-B46D-4F5D-AC25-B4A4CCC20C73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E315FC5C-FF19-43C9-A58A-CF2A5FF13824\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7EAD12-E398-44AF-9859-F3CA6C63BA6B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77675CB7-67D7-44E9-B7FF-D224B3341AA5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0AAA300-691A-4957-8B69-F6888CC971B1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45937289-2D64-47CB-A750-5B4F0D4664A0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97321212-0E07-4CC2-A917-7B5F61AB9A5A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E2C021C-A9F0-4EB4-ADED-81D8B57B4563\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF8EFFB-5686-4F28-A68F-1A8854E098CE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C877879-B84B-471C-80CF-0656521CA8AB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"379A5883-F6DF-41F5-9403-8D17F6605737\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5B1D946-5978-4818-BF21-A43D9C1365E1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D5A7736-A403-4617-8790-18E46CB74DA6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E0DE4E1-5D8D-40F3-8AC8-C7F736966158\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88BF3B2C-B121-483A-AEF2-8082F6DA5310\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0FD736A-8730-446A-BA3A-7B608DB62B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4C504B6-3902-46E2-82B7-48AEC9CDD48D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"F92E56DF-98DF-4328-B37E-4D5744E4103D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*\",\"versionEndExcluding\":\"0.40.2\",\"matchCriteriaId\":\"AC12508E-3C31-44EA-B4F3-29316BE9B189\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.5.6\",\"matchCriteriaId\":\"1750028C-698D-4E84-B727-8A155A46ADEB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.3.4.27\",\"matchCriteriaId\":\"B38C0997-A8CC-473C-98CF-641FD21EB411\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"23.0\",\"versionEndExcluding\":\"23.3.4.20\",\"matchCriteriaId\":\"5887F3E2-9214-4FAE-8768-441D770E27C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"24.0\",\"versionEndExcluding\":\"24.3.4.15\",\"matchCriteriaId\":\"8D7CB988-94C4-45BE-AD9D-9C16899A71DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"25.0\",\"versionEndExcluding\":\"25.3.2.8\",\"matchCriteriaId\":\"EB749F4B-99FC-4AE8-BDB3-85B081B52F82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.2.1\",\"matchCriteriaId\":\"2380909A-BA9B-4A76-82F2-D2D0EF242E57\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.2.15\",\"matchCriteriaId\":\"61119DB3-4336-4D3B-863A-0CCF4146E5C1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11.1\",\"matchCriteriaId\":\"7BFDD272-3DF0-4E3F-B69A-E7ABF4B18B24\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.14.2\",\"matchCriteriaId\":\"FAE46983-0ABC-49F7-AC18-A78FAC7E73AA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2022.83\",\"matchCriteriaId\":\"06BF3368-F232-4E6B-883E-A591EED5C827\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1.0-snapshot\",\"matchCriteriaId\":\"36531FB6-5682-4BF1-9785-E9D6D1C4207B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.9.1.5\",\"matchCriteriaId\":\"A86A51EA-B501-42F8-91E6-4EA97DED767C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.11.1.7\",\"matchCriteriaId\":\"70989970-E224-4D1C-941E-BBFB2AE7285C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.12\",\"versionEndExcluding\":\"4.13.2.4\",\"matchCriteriaId\":\"E7819CE3-2849-4D15-874B-F6A68EF6D65F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14\",\"versionEndExcluding\":\"4.15.3.1\",\"matchCriteriaId\":\"F6A4DD8B-06AD-4F13-8F7E-1E2AAF81C119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndExcluding\":\"5.1.1\",\"matchCriteriaId\":\"D91ED5E1-1D75-4B63-B0A2-B2EB6D4AC685\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.4.6\",\"matchCriteriaId\":\"83B1AF39-C0B9-4031-B19A-BDDD4F337273\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"23.09.1\",\"matchCriteriaId\":\"2B71B0EF-888E-45E2-A055-F59CDCC1AFC7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.7.2\",\"matchCriteriaId\":\"8F23CDF7-2881-4B4E-B84F-4E04F4ED8CCF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.6.0\",\"matchCriteriaId\":\"C1795F7A-203F-400E-B09C-0FAF16D01CFC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.22\",\"matchCriteriaId\":\"0D79DDDD-02F0-4C12-BE7F-1B9DF1722C7A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.11.0\",\"matchCriteriaId\":\"E2D7B0CA-C01F-4296-9425-48299E3889C5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.37.0\",\"matchCriteriaId\":\"1C3EB0B8-9E76-4146-AB02-02E20B91D55C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20230101\",\"matchCriteriaId\":\"0582468A-149B-429F-978A-2AEDF4BE2606\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E4BAF06-5A79-46D7-8C4F-E670BD6B7C2D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.76.1.13\",\"matchCriteriaId\":\"98321BF9-5E8F-4836-842C-47713B1C2775\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76BDAFDE-4515-42E6-820F-38AF4A786CF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5920923E-0D52-44E5-801D-10B82846ED58\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.4\",\"matchCriteriaId\":\"73160D1F-755B-46D2-969F-DF8E43BB1099\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Mar/21\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/18/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/19/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/20/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/06/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/17/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-48795\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://bugs.gentoo.org/920280\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1217950\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://crates.io/crates/thrussh/versions\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://filezilla-project.org/versions.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/NixOS/nixpkgs/pull/275249\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/advisories/GHSA-45x7-px36-x8w8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/mina-sshd/issues/445\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/cyd01/KiTTY/issues/520\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/hierynomus/sshj/issues/916\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/janmojzis/tinyssh/issues/81\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/libssh2/libssh2/pull/1291\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\"]},{\"url\":\"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/mwiede/jsch/issues/457\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/mwiede/jsch/pull/461\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssh/openssh-portable/commits/master\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/paramiko/paramiko/issues/2337\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/issues/456\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/rapier1/hpn-ssh/releases\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ronf/asyncssh/tags\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ssh-mitm/ssh-mitm/issues/165\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/warp-tech/russh/releases/tag/v0.40.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://gitlab.com/libssh/libssh-mirror/-/tags\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://help.panic.com/releasenotes/transmit5/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://matt.ucc.asn.au/dropbear/CHANGES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://news.ycombinator.com/item?id=38684904\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=38685286\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=38732005\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://nova.app/releases/#v11.8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://oryx-embedded.com/download/#changelog\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://roumenpetrov.info/secsh/#news20231220\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-48795\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/libssh2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-16\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-17\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240105-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214084\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/TrueSkrillor/status/1736774389725565005\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-48795\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://winscp.net/eng/docs/history#6.2.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.bitvise.com/ssh-client-version-history#933\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.bitvise.com/ssh-server-version-history\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5586\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5588\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.netsarang.com/en/xshell-update-history/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openssh.com/openbsd.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openssh.com/txt/release-9.6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/18/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/20/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"https://www.paramiko.org/changelog.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.terrapin-attack.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.vandyke.com/products/securecrt/history.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Mar/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/18/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/19/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/20/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/06/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/17/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-48795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://bugs.gentoo.org/920280\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1217950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://crates.io/crates/thrussh/versions\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://filezilla-project.org/versions.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/NixOS/nixpkgs/pull/275249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/advisories/GHSA-45x7-px36-x8w8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/mina-sshd/issues/445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/cyd01/KiTTY/issues/520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/hierynomus/sshj/issues/916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/janmojzis/tinyssh/issues/81\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/libssh2/libssh2/pull/1291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\"]},{\"url\":\"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/mwiede/jsch/issues/457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/mwiede/jsch/pull/461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssh/openssh-portable/commits/master\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/paramiko/paramiko/issues/2337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/issues/456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/rapier1/hpn-ssh/releases\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ronf/asyncssh/tags\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ssh-mitm/ssh-mitm/issues/165\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/warp-tech/russh/releases/tag/v0.40.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://gitlab.com/libssh/libssh-mirror/-/tags\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://help.panic.com/releasenotes/transmit5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://matt.ucc.asn.au/dropbear/CHANGES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://news.ycombinator.com/item?id=38684904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=38685286\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=38732005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://nova.app/releases/#v11.8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://oryx-embedded.com/download/#changelog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://roumenpetrov.info/secsh/#news20231220\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-48795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/libssh2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240105-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/TrueSkrillor/status/1736774389725565005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-48795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://winscp.net/eng/docs/history#6.2.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.bitvise.com/ssh-client-version-history#933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.bitvise.com/ssh-server-version-history\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5586\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5588\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.netsarang.com/en/xshell-update-history/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openssh.com/openbsd.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openssh.com/txt/release-9.6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/18/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/20/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"https://www.paramiko.org/changelog.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.terrapin-attack.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.vandyke.com/products/securecrt/history.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-364175.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-769027.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-794697.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit\"}, {\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability\"}, {\"url\": \"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://matt.ucc.asn.au/dropbear/CHANGES\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.netsarang.com/en/xshell-update-history/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.paramiko.org/changelog.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openssh.com/openbsd.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/openssh/openssh-portable/commits/master\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bitvise.com/ssh-server-version-history\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/ronf/asyncssh/tags\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://gitlab.com/libssh/libssh-mirror/-/tags\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openssh.com/txt/release-9.6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.terrapin-attack.com\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/warp-tech/russh/releases/tag/v0.40.2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/18/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://twitter.com/TrueSkrillor/status/1736774389725565005\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/paramiko/paramiko/issues/2337\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38684904\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38685286\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/18/3\", \"name\": \"[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://github.com/mwiede/jsch/issues/457\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-45x7-px36-x8w8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/libssh2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-48795\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1217950\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugs.gentoo.org/920280\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-48795\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-48795\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mwiede/jsch/pull/461\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/libssh2/libssh2/pull/1291\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/rapier1/hpn-ssh/releases\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/proftpd/proftpd/issues/456\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://oryx-embedded.com/download/#changelog\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://crates.io/crates/thrussh/versions\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/NixOS/nixpkgs/pull/275249\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/19/5\", \"name\": \"[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/20/3\", \"name\": \"[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/mina-sshd/issues/445\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/hierynomus/sshj/issues/916\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/janmojzis/tinyssh/issues/81\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/20/3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\", \"name\": \"FEDORA-2023-0733306be9\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5586\", \"name\": \"DSA-5586\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://filezilla-project.org/versions.php\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://nova.app/releases/#v11.8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://roumenpetrov.info/secsh/#news20231220\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vandyke.com/products/securecrt/history.txt\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://help.panic.com/releasenotes/transmit5/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://winscp.net/eng/docs/history#6.2.2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bitvise.com/ssh-client-version-history#933\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/cyd01/KiTTY/issues/520\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5588\", \"name\": \"DSA-5588\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://github.com/ssh-mitm/ssh-mitm/issues/165\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38732005\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\", \"name\": \"[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-16\", \"name\": \"GLSA-202312-16\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-17\", \"name\": \"GLSA-202312-17\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\", \"name\": \"FEDORA-2023-20feb865d8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\", \"name\": \"FEDORA-2023-cb8c606fbb\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\", \"name\": \"FEDORA-2023-e77300e4b5\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\", \"name\": \"FEDORA-2023-b87ec6cf47\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\", \"name\": \"FEDORA-2023-153404713b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240105-0004/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\", \"name\": \"FEDORA-2024-3bb23c77f3\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\", \"name\": \"FEDORA-2023-55800423a8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\", \"name\": \"FEDORA-2024-d946b9ad25\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\", \"name\": \"FEDORA-2024-71c2c6526c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\", \"name\": \"FEDORA-2024-39a8c72ea9\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"name\": \"FEDORA-2024-ae653fb07b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\", \"name\": \"FEDORA-2024-2705241461\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"name\": \"FEDORA-2024-fb32950d11\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\", \"name\": \"FEDORA-2024-7b08207cdb\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\", \"name\": \"FEDORA-2024-06ebb70bdd\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\", \"name\": \"[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\", \"name\": \"[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\", \"name\": \"FEDORA-2024-a53b24023d\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\", \"name\": \"FEDORA-2024-3fd1bc9276\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214084\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/21\", \"name\": \"20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\", \"name\": \"[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/17/8\", \"name\": \"[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/06/3\", \"name\": \"[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T22:05:21.417Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM APE1808\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-794697.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-364175.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-769027.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T11:02:25.905Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-48795\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-12-22T05:01:05.519910Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-354\", \"description\": \"CWE-354 Improper Validation of Integrity Check Value\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-27T20:45:13.765Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\"}, {\"url\": \"https://matt.ucc.asn.au/dropbear/CHANGES\"}, {\"url\": \"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\"}, {\"url\": \"https://www.netsarang.com/en/xshell-update-history/\"}, {\"url\": \"https://www.paramiko.org/changelog.html\"}, {\"url\": \"https://www.openssh.com/openbsd.html\"}, {\"url\": \"https://github.com/openssh/openssh-portable/commits/master\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\"}, {\"url\": \"https://www.bitvise.com/ssh-server-version-history\"}, {\"url\": \"https://github.com/ronf/asyncssh/tags\"}, {\"url\": \"https://gitlab.com/libssh/libssh-mirror/-/tags\"}, {\"url\": \"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\"}, {\"url\": \"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\"}, {\"url\": \"https://www.openssh.com/txt/release-9.6\"}, {\"url\": \"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\"}, {\"url\": \"https://www.terrapin-attack.com\"}, {\"url\": \"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\"}, {\"url\": \"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\"}, {\"url\": \"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\"}, {\"url\": \"https://github.com/warp-tech/russh/releases/tag/v0.40.2\"}, {\"url\": \"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/18/2\"}, {\"url\": \"https://twitter.com/TrueSkrillor/status/1736774389725565005\"}, {\"url\": \"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\"}, {\"url\": \"https://github.com/paramiko/paramiko/issues/2337\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\"}, {\"url\": \"https://news.ycombinator.com/item?id=38684904\"}, {\"url\": \"https://news.ycombinator.com/item?id=38685286\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/18/3\", \"name\": \"[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://github.com/mwiede/jsch/issues/457\"}, {\"url\": \"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\"}, {\"url\": \"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\"}, {\"url\": \"https://github.com/advisories/GHSA-45x7-px36-x8w8\"}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/libssh2\"}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-48795\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1217950\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\"}, {\"url\": \"https://bugs.gentoo.org/920280\"}, {\"url\": \"https://ubuntu.com/security/CVE-2023-48795\"}, {\"url\": \"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\"}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-48795\"}, {\"url\": \"https://github.com/mwiede/jsch/pull/461\"}, {\"url\": \"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\"}, {\"url\": \"https://github.com/libssh2/libssh2/pull/1291\"}, {\"url\": \"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\"}, {\"url\": \"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\"}, {\"url\": \"https://github.com/rapier1/hpn-ssh/releases\"}, {\"url\": \"https://github.com/proftpd/proftpd/issues/456\"}, {\"url\": \"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\"}, {\"url\": \"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\"}, {\"url\": \"https://oryx-embedded.com/download/#changelog\"}, {\"url\": \"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\"}, {\"url\": \"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\"}, {\"url\": \"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\"}, {\"url\": \"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\"}, {\"url\": \"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\"}, {\"url\": \"https://crates.io/crates/thrussh/versions\"}, {\"url\": \"https://github.com/NixOS/nixpkgs/pull/275249\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/19/5\", \"name\": \"[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\"}, {\"url\": \"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/20/3\", \"name\": \"[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\"}, {\"url\": \"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\"}, {\"url\": \"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\"}, {\"url\": \"https://github.com/apache/mina-sshd/issues/445\"}, {\"url\": \"https://github.com/hierynomus/sshj/issues/916\"}, {\"url\": \"https://github.com/janmojzis/tinyssh/issues/81\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/20/3\"}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\"}, {\"url\": \"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\", \"name\": \"FEDORA-2023-0733306be9\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5586\", \"name\": \"DSA-5586\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\"}, {\"url\": \"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\"}, {\"url\": \"https://filezilla-project.org/versions.php\"}, {\"url\": \"https://nova.app/releases/#v11.8\"}, {\"url\": \"https://roumenpetrov.info/secsh/#news20231220\"}, {\"url\": \"https://www.vandyke.com/products/securecrt/history.txt\"}, {\"url\": \"https://help.panic.com/releasenotes/transmit5/\"}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\"}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\"}, {\"url\": \"https://winscp.net/eng/docs/history#6.2.2\"}, {\"url\": \"https://www.bitvise.com/ssh-client-version-history#933\"}, {\"url\": \"https://github.com/cyd01/KiTTY/issues/520\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5588\", \"name\": \"DSA-5588\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/ssh-mitm/ssh-mitm/issues/165\"}, {\"url\": \"https://news.ycombinator.com/item?id=38732005\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\", \"name\": \"[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-16\", \"name\": \"GLSA-202312-16\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-17\", \"name\": \"GLSA-202312-17\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\", \"name\": \"FEDORA-2023-20feb865d8\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\", \"name\": \"FEDORA-2023-cb8c606fbb\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\", \"name\": \"FEDORA-2023-e77300e4b5\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\", \"name\": \"FEDORA-2023-b87ec6cf47\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\", \"name\": \"FEDORA-2023-153404713b\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240105-0004/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\", \"name\": \"FEDORA-2024-3bb23c77f3\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\", \"name\": \"FEDORA-2023-55800423a8\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\", \"name\": \"FEDORA-2024-d946b9ad25\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\", \"name\": \"FEDORA-2024-71c2c6526c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\", \"name\": \"FEDORA-2024-39a8c72ea9\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"name\": \"FEDORA-2024-ae653fb07b\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\", \"name\": \"FEDORA-2024-2705241461\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"name\": \"FEDORA-2024-fb32950d11\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\", \"name\": \"FEDORA-2024-7b08207cdb\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\", \"name\": \"FEDORA-2024-06ebb70bdd\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\", \"name\": \"[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\", \"name\": \"[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\", \"name\": \"FEDORA-2024-a53b24023d\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\", \"name\": \"FEDORA-2024-3fd1bc9276\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214084\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/21\", \"name\": \"20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\", \"name\": \"[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/17/8\", \"name\": \"[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/06/3\", \"name\": \"[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-05-01T18:06:23.972Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-48795\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T11:02:25.905Z\", \"dateReserved\": \"2023-11-20T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-12-18T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
ICSA-24-193-11
Vulnerability from csaf_cisa - Published: 2024-07-09 00:00 - Updated: 2026-01-14 22:00Summary
Siemens RUGGEDCOM APE 1808
Notes
Summary: Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.
Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks' upstream security notifications.
[1] https://security.paloaltonetworks.com/
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer: This ICSA is a verbatim republication of Siemens ProductCERT SSA-364175 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
5.9 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM APE1808
Siemens / RUGGEDCOM APE1808
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Vendor Fix
|
9.0 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM APE1808
Siemens / RUGGEDCOM APE1808
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Vendor Fix
|
CWE-20
- Improper Input Validation
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM APE1808
Siemens / RUGGEDCOM APE1808
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Vendor Fix
|
CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM APE1808
Siemens / RUGGEDCOM APE1808
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Vendor Fix
|
CWE-787
- Out-of-bounds Write
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM APE1808
Siemens / RUGGEDCOM APE1808
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Vendor Fix
|
CWE-20
- Improper Input Validation
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM APE1808
Siemens / RUGGEDCOM APE1808
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Vendor Fix
|
5.9 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM APE1808
Siemens / RUGGEDCOM APE1808
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Vendor Fix
|
9.1 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM APE1808
Siemens / RUGGEDCOM APE1808
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
|
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM APE1808
Siemens / RUGGEDCOM APE1808
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Vendor Fix
|
References
10 references
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reported these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.\n\nSiemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks\u0027 upstream security notifications.\n\n[1] https://security.paloaltonetworks.com/",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-364175 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-364175.json"
},
{
"category": "self",
"summary": "SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-193-11 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-193-11.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-193-11 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-11"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Siemens RUGGEDCOM APE 1808",
"tracking": {
"current_release_date": "2026-01-14T22:00:09.701376Z",
"generator": {
"date": "2026-01-14T22:00:09.700371Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.5.0"
}
},
"id": "ICSA-24-193-11",
"initial_release_date": "2024-07-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2024-07-09T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-08-13T00:00:00.000000Z",
"legacy_version": "Revision 1",
"number": "2",
"summary": "Added newly published CVE-2024-5913 and CVE-2024-3596"
},
{
"date": "2024-10-08T00:00:00.000000Z",
"legacy_version": "Revision 2",
"number": "3",
"summary": "Added CVE-2023-48795, CVE-2024-3596, CVE-2024-5913 and fix version information for Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices"
},
{
"date": "2024-11-12T00:00:00.000000Z",
"legacy_version": "Revision 3",
"number": "4",
"summary": "Added newly published CVE-2024-9468 and CVE-2024-9471. Added CVSSv4.0 vector to CVE-2024-5913"
},
{
"date": "2024-12-10T00:00:00.000000Z",
"legacy_version": "Revision 4",
"number": "5",
"summary": "Added newly published CVE-2024-5920"
},
{
"date": "2025-04-08T00:00:00.000000Z",
"legacy_version": "Revision 5",
"number": "6",
"summary": "Added newly published CVE-2025-0114"
},
{
"date": "2025-07-08T00:00:00.000000Z",
"legacy_version": "Revision 6",
"number": "7",
"summary": "Added newly published CVE-2025-4231"
},
{
"date": "2026-01-13T00:00:00.000000Z",
"legacy_version": "Revision 7",
"number": "8",
"summary": "Added newly published CVE-2025-4619"
},
{
"date": "2026-01-14T22:00:09.701376Z",
"legacy_version": "CISA Republication",
"number": "9",
"summary": "Initial Republication of Siemens ProductCERT SSA-364175 advisory"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "RUGGEDCOM APE1808",
"product_id": "CSAFPID-0001"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "RUGGEDCOM APE1808",
"product_id": "CSAFPID-0002"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "RUGGEDCOM APE1808",
"product_id": "CSAFPID-0003"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "RUGGEDCOM APE1808",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM APE1808"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "summary",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2024-3596",
"cwe": {
"id": "CWE-924",
"name": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
},
"notes": [
{
"category": "summary",
"text": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify responses Access-Reject or Access-Accept using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "CVE-2024-3596"
},
{
"cve": "CVE-2024-5913",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "CVE-2024-5913"
},
{
"cve": "CVE-2024-5920",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator\u0027s browser.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "CVE-2024-5920"
},
{
"cve": "CVE-2024-9468",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "CVE-2024-9468"
},
{
"cve": "CVE-2024-9471",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "CVE-2024-9471"
},
{
"cve": "CVE-2025-0114",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "CVE-2025-0114"
},
{
"cve": "CVE-2025-4231",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A command injection vulnerability in Palo Alto Networks PAN-OS\u00ae enables an authenticated administrative user to perform actions as the root user.\r\nThe attacker must have network access to the management web interface and successfully authenticate to exploit this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Exposure can be reduced by limiting access to the management interface to trusted internal IP addresses as described in Palo Alto Networks\u0027 Security Advisory",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "CVE-2025-4231"
},
{
"cve": "CVE-2025-4619",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0004"
]
}
],
"title": "CVE-2025-4619"
}
]
}
ICSA-24-319-08
Vulnerability from csaf_cisa - Published: 2024-11-12 00:00 - Updated: 2024-11-12 00:00Summary
Siemens SINEC INS
Notes
Summary: SINEC INS before V1.0 SP2 Update 3 is affected by multiple vulnerabilities.
Siemens has released a new version for SINEC INS and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
References
10 references
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SINEC INS before V1.0 SP2 Update 3 is affected by multiple vulnerabilities.\n\nSiemens has released a new version for SINEC INS and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-915275: Multiple Vulnerabilities in SINEC INS Before V1.0 SP2 Update 3 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-915275.json"
},
{
"category": "self",
"summary": "SSA-915275: Multiple Vulnerabilities in SINEC INS Before V1.0 SP2 Update 3 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-319-08 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-319-08.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-319-08 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SINEC INS",
"tracking": {
"current_release_date": "2024-11-12T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-319-08",
"initial_release_date": "2024-11-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2024-11-12T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.0_SP2_Update_3",
"product": {
"name": "SINEC INS",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SINEC INS"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2975",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be mislead by removing adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-2975"
},
{
"cve": "CVE-2023-3341",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel\u0027s configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-3341"
},
{
"cve": "CVE-2023-3446",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \u0027-check\u0027 option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-3446"
},
{
"cve": "CVE-2023-3817",
"cwe": {
"id": "CWE-834",
"name": "Excessive Iteration"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \"-check\" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-3817"
},
{
"cve": "CVE-2023-4236",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-4236"
},
{
"cve": "CVE-2023-4408",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-4408"
},
{
"cve": "CVE-2023-4807",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-4807"
},
{
"cve": "CVE-2023-5517",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect \u003cdomain\u003e;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5517"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-5679",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5679"
},
{
"cve": "CVE-2023-5680",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5680"
},
{
"cve": "CVE-2023-6129",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: The POLY1305 MAC (message authentication code) implementation\r\ncontains a bug that might corrupt the internal state of applications running\r\non PowerPC CPU based platforms if the CPU provides vector instructions.\r\n\r\nImpact summary: If an attacker can influence whether the POLY1305 MAC\r\nalgorithm is used, the application state might be corrupted with various\r\napplication dependent consequences.\r\n\r\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\r\nPowerPC CPUs restores the contents of vector registers in a different order\r\nthan they are saved. Thus the contents of some of these vector registers\r\nare corrupted when returning to the caller. The vulnerable code is used only\r\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\r\n\r\nThe consequences of this kind of internal application state corruption can\r\nbe various - from no consequences, if the calling application does not\r\ndepend on the contents of non-volatile XMM registers at all, to the worst\r\nconsequences, where the attacker could get complete control of the application\r\nprocess. However unless the compiler uses the vector registers for storing\r\npointers, the most likely consequence, if any, would be an incorrect result\r\nof some application dependent calculations or a crash leading to a denial of\r\nservice.\r\n\r\nThe POLY1305 MAC algorithm is most frequently used as part of the\r\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\r\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\r\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\r\nclient can influence whether this AEAD cipher is used. This implies that\r\nTLS server applications using OpenSSL can be potentially impacted. However\r\nwe are currently not aware of any concrete application that would be affected\r\nby this issue therefore we consider this a Low severity security issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-6129"
},
{
"cve": "CVE-2023-6237",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the \u0027-pubin\u0027 and \u0027-check\u0027 options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-6237"
},
{
"cve": "CVE-2023-6516",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "summary",
"text": "To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-6516"
},
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-7104"
},
{
"cve": "CVE-2023-32002",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32002"
},
{
"cve": "CVE-2023-32003",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32003"
},
{
"cve": "CVE-2023-32004",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32004"
},
{
"cve": "CVE-2023-32005",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument.\n\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32005"
},
{
"cve": "CVE-2023-32006",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32006"
},
{
"cve": "CVE-2023-32558",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. \n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.x.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32558"
},
{
"cve": "CVE-2023-32559",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding(\u0027spawn_sync\u0027)` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32559"
},
{
"cve": "CVE-2023-38552",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node\u0027s policy implementation, thus effectively disabling the integrity check.\r\nImpacts:\r\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.\r\nPlease note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-38552"
},
{
"cve": "CVE-2023-39331",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.\r\n\r\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-39331"
},
{
"cve": "CVE-2023-39332",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.\r\n\r\nThis is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.\r\n\r\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-39332"
},
{
"cve": "CVE-2023-39333",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-39333"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45143",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici\u0027s implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-45143"
},
{
"cve": "CVE-2023-46809",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "summary",
"text": "Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-46809"
},
{
"cve": "CVE-2023-47038",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-47038"
},
{
"cve": "CVE-2023-47039",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-47039"
},
{
"cve": "CVE-2023-47100",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-47100"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "summary",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-50387",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-50387"
},
{
"cve": "CVE-2023-50868",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-50868"
},
{
"cve": "CVE-2023-52389",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-52389"
},
{
"cve": "CVE-2024-0232",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-0232"
},
{
"cve": "CVE-2024-0727",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\r\nto crash leading to a potential Denial of Service attack\r\n\r\nImpact summary: Applications loading files in the PKCS12 format from untrusted\r\nsources might terminate abruptly.\r\n\r\nA file in PKCS12 format can contain certificates and keys and may come from an\r\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\r\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\r\ndereference that results in OpenSSL crashing. If an application processes PKCS12\r\nfiles from an untrusted source using the OpenSSL APIs then that application will\r\nbe vulnerable to this issue.\r\n\r\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\r\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\r\nand PKCS12_newpass().\r\n\r\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\r\nfunction is related to writing data we do not consider it security significant.\r\n\r\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-0727"
},
{
"cve": "CVE-2024-2511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions\r\nImpact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-4741",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-4741"
},
{
"cve": "CVE-2024-5535",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-21890",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: ``` --allow-fs-read=/home/node/.ssh/*.pub ``` will ignore `pub` and give access to everything after `.ssh/`. This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-21890"
},
{
"cve": "CVE-2024-21891",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Node.js could allow a remote attacker to bypass security restrictions, caused by improper path traversal sequence sanitization. By using a path traversal attack, an attacker could exploit this vulnerability leading to filesystem permission model bypass.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-21891"
},
{
"cve": "CVE-2024-21892",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Node.js could allow a local authenticated attacker to gain elevated privileges on the system, caused by a bug in the implementation of the exception of CAP_NET_BIND_SERVICE. An attacker could exploit this vulnerability to inject code that inherits the process\u0027s elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-21892"
},
{
"cve": "CVE-2024-21896",
"cwe": {
"id": "CWE-27",
"name": "Path Traversal: \u0027dir/../../filename\u0027"
},
"notes": [
{
"category": "summary",
"text": "Node.js could allow a remote attacker to traverse directories on the system. By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, an attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to read arbitrary files on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-21896"
},
{
"cve": "CVE-2024-22017",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "summary",
"text": "setuid() does not affect libuv\u0027s internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-22017"
},
{
"cve": "CVE-2024-22019",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-22019"
},
{
"cve": "CVE-2024-22025",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Node.js is vulnerable to a denial of service, caused by a resource exhaustion vulnerability in fetch() brotli decoding . By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-22025"
},
{
"cve": "CVE-2024-24758",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-24758"
},
{
"cve": "CVE-2024-24806",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "summary",
"text": "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-24806"
},
{
"cve": "CVE-2024-27980",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by the improper handling of batch files in child_process.spawn / child_process.spawnSync. By sending a specially crafted command line argument using args parameter, an attacker could exploit this vulnerability to inject and execute arbitrary commands on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-27980"
},
{
"cve": "CVE-2024-27982",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability in the http server, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-27982"
},
{
"cve": "CVE-2024-27983",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Node.js is vulnerable to a denial of service, caused by an assertion failure in `node::http2::Http2Session::~Http2Session()`. By sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside, an attacker could exploit this vulnerability to cause the HTTP/2 server to crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-27983"
},
{
"cve": "CVE-2024-46888",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-46888"
},
{
"cve": "CVE-2024-46889",
"cwe": {
"id": "CWE-321",
"name": "Use of Hard-coded Cryptographic Key"
},
"notes": [
{
"category": "summary",
"text": "The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-46889"
},
{
"cve": "CVE-2024-46890",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-46890"
},
{
"cve": "CVE-2024-46891",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system\u0027s resources and create a denial of service condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-46891"
},
{
"cve": "CVE-2024-46892",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-46892"
},
{
"cve": "CVE-2024-46894",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly validate authorization of a user to query the \"/api/sftp/users\" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-46894"
}
]
}
ICSA-25-044-09
Vulnerability from csaf_cisa - Published: 2025-02-11 00:00 - Updated: 2025-05-06 06:00Summary
Siemens SCALANCE W700 IEEE 802.11ax
Notes
Summary: SCALANCE W-700 IEEE 802.11ax family devices are affected by multiple vulnerabilities.
Siemens has released new versions for the affected products and recommends to update to the latest versions.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
7.8 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.9 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.9 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
4.7 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
6.1 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
6.7 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
4.7 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.9 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.4 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
4.7 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
6.6 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.7 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.1 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
6.7 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
6.5 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.9 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
4.7 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
6.5 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
9.3 (Critical)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
6.5 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
6.7 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
6.1 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
CWE-425
- Direct Request ('Forced Browsing')
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
CWE-252
- Unchecked Return Value
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
6.4 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.9 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
6.5 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.9 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
4.3 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
5.9 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
6.8 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
CWE-20
- Improper Input Validation
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
4.3 (Medium)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
7.2 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
CWE-20
- Improper Input Validation
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
CWE-284
- Improper Access Control
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
6GK5762-1AJ00-6AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
6GK5763-1AL00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
6GK5763-1AL00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
6GK5763-1AL00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
6GK5766-1GE00-7DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
6GK5766-1GE00-7DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
6GK5766-1GE00-7DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
6GK5766-1GE00-7TA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
6GK5766-1GE00-7TC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
6GK5766-1GE00-7TB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
6GK5762-1AJ00-1AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
6GK5762-1AJ00-2AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
6GK5763-1AL00-3AA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
6GK5763-1AL00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
6GK5763-1AL00-3AB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
6GK5763-1AL00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
6GK5766-1GE00-3DA0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
6GK5766-1GE00-3DC0
|
<V3.0.0 |
Vendor Fix
fix
|
|
SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
6GK5766-1GE00-3DB0
|
<V3.0.0 |
Vendor Fix
fix
|
References
10 references
Acknowledgments
Siemens
{
"document": {
"acknowledgments": [
{
"organization": "Siemens",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SCALANCE W-700 IEEE 802.11ax family devices are affected by multiple vulnerabilities.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-769027: Multiple Vulnerabilities fixed in SCALANCE W700 IEEE 802.11ax devices before V3.0.0 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-769027.json"
},
{
"category": "self",
"summary": "SSA-769027: Multiple Vulnerabilities fixed in SCALANCE W700 IEEE 802.11ax devices before V3.0.0 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-044-09 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-044-09.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-044-09 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SCALANCE W700 IEEE 802.11ax",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-044-09",
"initial_release_date": "2025-02-11T00:00:00.000000Z",
"revision_history": [
{
"date": "2025-02-11T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "2",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6GK5762-1AJ00-6AA0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6GK5763-1AL00-7DA0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"6GK5763-1AL00-7DC0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"6GK5763-1AL00-7DB0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"6GK5766-1GE00-7DA0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"model_numbers": [
"6GK5766-1GE00-7DC0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"model_numbers": [
"6GK5766-1GE00-7DB0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"model_numbers": [
"6GK5766-1GE00-7TA0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"model_numbers": [
"6GK5766-1GE00-7TC0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"model_numbers": [
"6GK5766-1GE00-7TB0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"model_numbers": [
"6GK5762-1AJ00-1AA0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"model_numbers": [
"6GK5762-1AJ00-2AA0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"model_numbers": [
"6GK5763-1AL00-3AA0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)",
"product_id": "CSAFPID-0014",
"product_identification_helper": {
"model_numbers": [
"6GK5763-1AL00-3DA0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)",
"product_id": "CSAFPID-0015",
"product_identification_helper": {
"model_numbers": [
"6GK5763-1AL00-3AB0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"model_numbers": [
"6GK5763-1AL00-3DB0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)",
"product_id": "CSAFPID-0017",
"product_identification_helper": {
"model_numbers": [
"6GK5766-1GE00-3DA0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)",
"product_id": "CSAFPID-0018",
"product_identification_helper": {
"model_numbers": [
"6GK5766-1GE00-3DC0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0.0",
"product": {
"name": "SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)",
"product_id": "CSAFPID-0019",
"product_identification_helper": {
"model_numbers": [
"6GK5766-1GE00-3DB0"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2588",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2022-2588"
},
{
"cve": "CVE-2022-2663",
"cwe": {
"id": "CWE-923",
"name": "Improper Restriction of Communication Channel to Intended Endpoints"
},
"notes": [
{
"category": "summary",
"text": "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2022-2663"
},
{
"cve": "CVE-2022-3524",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2022-3524"
},
{
"cve": "CVE-2022-4304",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2022-4304"
},
{
"cve": "CVE-2022-4450",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2022-4450"
},
{
"cve": "CVE-2022-39188",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2022-39188"
},
{
"cve": "CVE-2022-39842",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2022-39842"
},
{
"cve": "CVE-2022-40303",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-40304",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2022-43750",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor\u0027s internal memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2022-43750"
},
{
"cve": "CVE-2022-47069",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2022-47069"
},
{
"cve": "CVE-2022-47929",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with \"tc qdisc\" and \"tc class\" commands. This affects qdisc_graft in net/sched/sch_api.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2022-47929"
},
{
"cve": "CVE-2023-0045",
"cwe": {
"id": "CWE-610",
"name": "Externally Controlled Reference to a Resource in Another Sphere"
},
"notes": [
{
"category": "summary",
"text": "The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set \u00a0function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. \u00a0The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit\u00a0a664ec9158eeddd75121d39c9a0758016097fa96",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-0045"
},
{
"cve": "CVE-2023-0215",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2023-0464",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-0464"
},
{
"cve": "CVE-2023-0465",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Applications that use a non-default option when verifying certificates may be\r\nvulnerable to an attack from a malicious CA to circumvent certain checks.\r\n\r\nInvalid certificate policies in leaf certificates are silently ignored by\r\nOpenSSL and other certificate policy checks are skipped for that certificate.\r\nA malicious CA could use this to deliberately assert invalid certificate policies\r\nin order to circumvent policy checking on the certificate altogether.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\r\nthe `-policy` argument to the command line utilities or by calling the\r\n`X509_VERIFY_PARAM_set1_policies()` function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-0465"
},
{
"cve": "CVE-2023-0466",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "The function X509_VERIFY_PARAM_add0_policy() is documented to\r\nimplicitly enable the certificate policy check when doing certificate\r\nverification. However the implementation of the function does not\r\nenable the check which allows certificates with invalid or incorrect\r\npolicies to pass the certificate verification.\r\n\r\nAs suddenly enabling the policy check could break existing deployments it was\r\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\r\nfunction.\r\n\r\nInstead the applications that require OpenSSL to perform certificate\r\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\r\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\r\nthe X509_V_FLAG_POLICY_CHECK flag argument.\r\n\r\nCertificate policy checks are disabled by default in OpenSSL and are not\r\ncommonly used by applications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-0466"
},
{
"cve": "CVE-2023-0590",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-0590"
},
{
"cve": "CVE-2023-1073",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A memory corruption flaw was found in the Linux kernel\u2019s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-1073"
},
{
"cve": "CVE-2023-1074",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "A memory leak flaw was found in the Linux kernel\u0027s Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-1074"
},
{
"cve": "CVE-2023-1118",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-1118"
},
{
"cve": "CVE-2023-1206",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel\u2019s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-1206"
},
{
"cve": "CVE-2023-1380",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info-\u003ereq_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-1380"
},
{
"cve": "CVE-2023-1670",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-1670"
},
{
"cve": "CVE-2023-2194",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds write vulnerability was found in the Linux kernel\u0027s SLIMpro I2C device driver. The userspace \"data-\u003eblock[0]\" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-2194"
},
{
"cve": "CVE-2023-3446",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "summary",
"text": "Checking excessively long DH keys or parameters may be very slow. Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \u0027-check\u0027 option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-3446"
},
{
"cve": "CVE-2023-3611",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds write vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\r\n\r\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-3611"
},
{
"cve": "CVE-2023-4623",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-4623"
},
{
"cve": "CVE-2023-4921",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-4921"
},
{
"cve": "CVE-2023-5363",
"cwe": {
"id": "CWE-684",
"name": "Incorrect Provision of Specified Functionality"
},
"notes": [
{
"category": "summary",
"text": "A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes.\r\n\r\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\r\n\r\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST\u0027s SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse.\r\n\r\nBoth truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical.\r\n\r\nChanging the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\r\n\r\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary.\r\n\r\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-5363"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-5717",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\r\n\r\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\r\n\r\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2023-6129",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The POLY1305 MAC (message authentication code) implementation\r\ncontains a bug that might corrupt the internal state of applications running\r\non PowerPC CPU based platforms if the CPU provides vector instructions.\r\n\r\nIf an attacker can influence whether the POLY1305 MAC\r\nalgorithm is used, the application state might be corrupted with various\r\napplication dependent consequences.\r\n\r\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\r\nPowerPC CPUs restores the contents of vector registers in a different order\r\nthan they are saved. Thus the contents of some of these vector registers\r\nare corrupted when returning to the caller. The vulnerable code is used only\r\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\r\n\r\nThe consequences of this kind of internal application state corruption can\r\nbe various - from no consequences, if the calling application does not\r\ndepend on the contents of non-volatile XMM registers at all, to the worst\r\nconsequences, where the attacker could get complete control of the application\r\nprocess. However unless the compiler uses the vector registers for storing\r\npointers, the most likely consequence, if any, would be an incorrect result\r\nof some application dependent calculations or a crash leading to a denial of\r\nservice.\r\n\r\nThe POLY1305 MAC algorithm is most frequently used as part of the\r\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\r\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\r\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\r\nclient can influence whether this AEAD cipher is used. This implies that\r\nTLS server applications using OpenSSL can be potentially impacted. However\r\nwe are currently not aware of any concrete application that would be affected\r\nby this issue therefore we consider this a Low severity security issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-6129"
},
{
"cve": "CVE-2023-6237",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Checking excessively long invalid RSA public keys may take a long time. Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the \u0027-pubin\u0027 and \u0027-check\u0027 options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-6237"
},
{
"cve": "CVE-2023-7250",
"cwe": {
"id": "CWE-183",
"name": "Permissive List of Allowed Inputs"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-7250"
},
{
"cve": "CVE-2023-23454",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-23454"
},
{
"cve": "CVE-2023-23455",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-23455"
},
{
"cve": "CVE-2023-23559",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-23559"
},
{
"cve": "CVE-2023-26545",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-26545"
},
{
"cve": "CVE-2023-28484",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-28484"
},
{
"cve": "CVE-2023-28578",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Memory corruption in Core Services while executing the command for removing a single event listener.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-28578"
},
{
"cve": "CVE-2023-29469",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the \u0027\\0\u0027 value).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-29469"
},
{
"cve": "CVE-2023-31085",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd-\u003eerasesize), used indirectly by ctrl_cdev_ioctl, when mtd-\u003eerasesize is 0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-31085"
},
{
"cve": "CVE-2023-31315",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-31315"
},
{
"cve": "CVE-2023-35001",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-35001"
},
{
"cve": "CVE-2023-39192",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-39192"
},
{
"cve": "CVE-2023-39193",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-39193"
},
{
"cve": "CVE-2023-42754",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-42754"
},
{
"cve": "CVE-2023-43522",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-43522"
},
{
"cve": "CVE-2023-44320",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-44320"
},
{
"cve": "CVE-2023-44322",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "summary",
"text": "Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-44322"
},
{
"cve": "CVE-2023-45853",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-45853"
},
{
"cve": "CVE-2023-45863",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-45863"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "summary",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51384",
"cwe": {
"id": "CWE-304",
"name": "Missing Critical Step in Authentication"
},
"notes": [
{
"category": "summary",
"text": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-51384"
},
{
"cve": "CVE-2023-51385",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2023-51385"
},
{
"cve": "CVE-2024-0727",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-0727"
},
{
"cve": "CVE-2024-2511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-4603",
"cwe": {
"id": "CWE-834",
"name": "Excessive Iteration"
},
"notes": [
{
"category": "summary",
"text": "Checking excessively long DSA keys or parameters may be very slow. Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform various checks on DSA parameters. Some of those computations take a long time if the modulus (`p` parameter) is too large. Trying to use a very large modulus is slow and OpenSSL will not allow using public keys with a modulus which is over 10,000 bits in length for signature verification. However the key and parameter check functions do not limit the modulus size when performing the checks. An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. These functions are not called by OpenSSL itself on untrusted DSA keys so only applications that directly call these functions may be vulnerable. Also vulnerable are the OpenSSL pkey and pkeyparam command line applications when using the `-check` option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-4603"
},
{
"cve": "CVE-2024-4741",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-4741"
},
{
"cve": "CVE-2024-5535",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-6119",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don\u0027t perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-6119"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Use of the low-level GF(2m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we\u0027re aware of, either only \"named curves\" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2m)) curves that can\u0027t represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an \"exotic\" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with \"exotic\" explicit binary (GF(2m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-23814",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service, other communication services are not affected. Affected devices will resume normal operation after the attack terminates.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-23814"
},
{
"cve": "CVE-2024-26306",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-26306"
},
{
"cve": "CVE-2024-33016",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "memory corruption when an invalid firehose patch command is invoked.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-33016"
},
{
"cve": "CVE-2024-50560",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Affected devices truncates usernames longer than 15 characters when accessed via SSH or Telnet. This could allow an attacker to compromise system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-50560"
},
{
"cve": "CVE-2024-50561",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly sanitize the filenames before uploading. This could allow an authenticated remote attacker to compromise of integrity of the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-50561"
},
{
"cve": "CVE-2024-50572",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2024-50572"
},
{
"cve": "CVE-2025-24499",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly validate input while loading the configuration files. This could allow an authenticated remote attacker to execute arbitrary shell commands on the device.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2025-24499"
},
{
"cve": "CVE-2025-24532",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "Affected devices with role `user` is affected by incorrect authorization in SNMPv3 View configuration. This could allow an attacker to change the View Type of SNMPv3 Views.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0.0 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977720/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019"
]
}
],
"title": "CVE-2025-24532"
}
]
}
ICSA-25-105-08
Vulnerability from csaf_cisa - Published: 2025-04-07 10:30 - Updated: 2025-04-07 10:30Summary
ABB M2M Gateway
Notes
Summary: ABB is aware of public reports of a vulnerabilities in product versions listed as affected in this advisory. An attacker who successfully exploited these vulnerabilities could cause the product to stop, make the product inacces-sible, take remote control of the product or insert and run arbitrary code.
As part of ABB product lifecycle policy, once a product transitions to end-of-life, we discontinue maintenance, security patches, and technical support to focus on current and future technologies. While the product will continue to function, we strongly recommend implementing mitigations defined in this document, such as using a private APN cellular network between Arctic wireless gateways and ARM600 for establishing VPN tunnels, to mitigate security risks and avoid potential vulnerabilities.
As part of ABB product lifecycle policy, once a product transitions to Limited state, we discontinue maintenance, security patches, and technical support to focus on current and future technologies. While the product will continue to function, we strongly recommend implementing mitigations defined in this document to mitigate security risks.
Mitigating factors: Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.
1. Obtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn’t expose the traffic between remote sites and main site to the internet but rather uses cellular operator’s private wide area network (WAN). Therefore, the ARM600 wouldn’t need open ports to the internet.
2. Avoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).
3. ARM600 system is by default not dependent on the name service (DNS). If name service is not used in the system, the name service port (TCP/UDP port 53) can be blocked by a firewall.
4. Perform firewall configuration by the "allowlisting" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.
5. Filter specific ICMP packets from external systems (ICMP type 13 and 14) by firewall for not exposing the system time.
6. If the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).
7. Change the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.
8. Use administrator (i.e., root user) privileges only when required by the task.
9. Supporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system.
Any data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.
10. Introduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:
a. Check that the entire system has backups available from all applicable parts.
b. Store the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.
c. Ensure the security of the configuration PCs that may have local copies of device configurations.
d. Validate the backups to make sure that they’re working.
11. Follow cyber security best practices for installation, operation, and decommissioning as described in the product’s Cyber Security Deployment Guideline and User Manual.
12. Use continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system
13. Consider hardening the system according to the following:
a. Remove any unnecessary communication links in the system.
b. If possible, close unused physical ports.
c. Open only the necessary TCP/UDP ports in the configuration.
d. Remove all unnecessary user accounts.
e. Restrict traffic by firewall.
f. Allow the traffic only from/to necessary hosts' IP addresses (i.e., define both source and destination in the firewall rules, where possible).
g. Define client IP address as allowed address in SCADA communication protocols, if such configuration is supported.
h. Remove or deactivate all unused processes, communication ports and services, where possible.
i. Use physical access controls to the system installations (e.g., to server rooms and device cabinets).
14. In ARM600SW installations, avoid servers with AMD processors vulnerable to the following: CVE-2021-26401, CVE-2023-20569 and CVE-2023-20593.
15. Avoid using AX88179_178A chipset-based USB -to-Ethernet devices.
Refer to section General security recommendations for additional advice on how to keep your system secure.
General security recommendations: For any installation of software-related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices:
– Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general-purpose network (e.g. office or home networks).
– Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.
– Never connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for.
– Scan all data imported into your environment before use to detect potential malware infections.
– Minimize network exposure for all applications and endpoints to ensure that they are not accessible from the internet unless they are designed for such exposure and the intended use requires such.
– Ensure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.
– When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
More information on recommended practices can be found in the following document:
1MRS758860 Rev. F, Arctic Cyber Security Deployment Guideline
Support: For additional instructions and support please contact your local ABB service organization. For contact information, see www.abb.com/contactcenters.
Information about ABB’s cyber security program and capabilities can be found at www.abb.com/cybersecurity.
Notice: The information in this document is subject to change without notice, and should not be construed as a commitment by ABB.
ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages.
This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.
All rights to registrations and trademarks reside with their respective owners.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from ABB PSIRT's CSAF advisory.
Critical infrastructure sectors: Energy
Countries/areas deployed: Worldwide
Company headquarters location: Switzerland
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Vulnerability in Git that arises from an issue with git attributes parsing. This flaw can lead to an integer overflow, which might be exploited by authenticated attackers to execute arbitrary code or cause a denial of service.
CWE-190 - Integer Overflow or WraparoundAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Vulnerability in Git that involves a heap overflow in the git archive and git log --format commands. This flaw can potentially lead to remote code execution (RCE) if exploited by authenticated attacker.
CWE-190 - Integer Overflow or WraparoundAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Vulnerability in Apache HTTP Server versions 2.4.0 through 2.4.55. It involves HTTP Request Smuggling due to certain mod_proxy configurations combined with RewriteRule or ProxyPassMatch directives. This flaw can lead to bypassing access controls by an authenticated attacker.
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Vulnerability in the PKCS#11 feature of ssh-agent in OpenSSH versions before 9.3p2. It involves an insufficiently trustworthy search path, which can lead to remote code execution if an agent is forwarded by authenticated user to an attacker-controlled system.
CWE-428 - Unquoted Search Path or ElementAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent socket.
CWE-426 - Untrusted Search PathAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
A use-after-free vulnerability was found in system. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later, allowing authenticated user to execute arbitrary code.
CWE-416 - Use After FreeAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field, potentially allowing an authenticated attacker to reveal sensitive information or to cause a denial-of-service situation.
CWE-787 - Out-of-bounds WriteAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An authenticated attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device.
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
CWE-401 - Missing Release of Memory after Effective LifetimeAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
CWE-401 - Missing Release of Memory after Effective LifetimeAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
The vulnerability allows the configured max-cache-size limit to be significantly exceeded by querying the resolver for specific RRsets in a certain order. This can lead to a denial-of-service condition by ex-hausting all available memory on the host running named service.
CWE-770 - Allocation of Resources Without Limits or ThrottlingAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
The vulnerability involves the recursive processing of control channel messages sent to named, which can exhaust stack memory and cause named to terminate unexpectedly. Exploiting this flaw requires only network access to the control channel's configured TCP port, without needing a valid RNDC key.
CWE-787 - Out-of-bounds WriteAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Local users able to write to UNIX domain sockets can bypass access controls and manipulate the mul-tipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
CWE-269 - Improper Privilege ManagementAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Local users can write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
CWE-416 - Use After FreeAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
By feeding specially crafted input as authenticated attacker to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents, leading to potential arbitrary code execution.
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
A specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the con-figuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution.
CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Flaw in certain AMD EPYC, Ryzen, Threadripper and Athlon processors considering LONGJMP assembly command. This could lead to arbitrary code execution. Note: ARM600 servers include Intel processors, but there may be ARM600 SW installations running in AMD processor environments.
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how an authenticated user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CWE-131 - Incorrect Calculation of Buffer SizeAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double re-use. This could lead to a system crash or elevation of privileges.
CWE-416 - Use After FreeAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. This could cause leaking of data or Denial of Service (DoS) conditions.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. This could lead to an unprivileged local user gaining root access.
CWE-416 - Use After FreeAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace. This vulnerability could lead to local user privilege escalation.
CWE-787 - Out-of-bounds WriteAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local user privilege escalation.
CWE-416 - Use After FreeAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
A missing netfilter macro could lead to a miscalculation of the `h->nets` array offset, providing attack-ers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bounds. This vulnerability may allow a local user to crash the system or potentially escalate their privileges.
CWE-787 - Out-of-bounds WriteAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
PAC parsing in krb5 has integer overflows that may lead to denial of service.
CWE-190 - Integer Overflow or WraparoundAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
An issue was discovered in function _libssh2_packet_add in libssh2 that allows attackers to access out of bounds memory. This could lead to a system crash by authenticated attacker.
CWE-787 - Out-of-bounds WriteAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. When CRL checking is enabled, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service.
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
An issue in the urllib.parse component of Python allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. Successful exploitation of this vulnerability could lead to addition or modification of data by an authenticated attacker.
CWE-20 - Improper Input ValidationAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Remote arbitrary files write inside the directories of connecting peers. A malicious rsync server can overwrite arbitrary files in the rsync client target directory and subdirectories.
CWE-20 - Improper Input ValidationAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
The sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This could lead to privilege escalation.
CWE-269 - Improper Privilege ManagementAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Apache portable runtime utility issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions. This could lead to modification of data or denial of service.
CWE-190 - Integer Overflow or WraparoundAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incor-rect answers. This could cause DNS cache poisoning that could potentially lead to a denial of service and information disclosure by an authenticated attacker.
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Processing large delegations may severely degrade resolver performance effectively denying legitimate clients access to the DNS resolution service. This could cause a denial-of-service conditions.
CWE-400 - Uncontrolled Resource ConsumptionAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel allows a user-space client to corrupt the monitor's internal memory. This could lead to denial-of-service or information disclosure conditions by an authenticated attacker.
CWE-787 - Out-of-bounds WriteAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Return Address Predictor vulnerability leading to information disclosure in certain AMD processors. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. Note: ARM600 servers utilize Intel processors, but there may be ARM600 SW installations running in AMD processor environments.
CWE-203 - Observable DiscrepancyAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Cross-Process Information Leak in certain AMD processors. This could lead to an attacker potentially accessing confidential information. Note: ARM600 servers utilize Intel processors, but there may be ARM600 SW installations running in AMD processor environments.
CWE-209 - Generation of Error Message Containing Sensitive InformationAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
If a TLS server side socket is created, receives data, and then closes quickly, there's a brief window where the SSLSocket instance detects it as "not connected" and won't initiate a handshake. Buffered data remains readable but unauthenticated if client certificate authentication is expected. This data is limited to the buffer size. An unauthenticated attacker could exploit this vulnerability for revealing sensitive information from the server.
CWE-287 - Improper AuthenticationAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
Remote attackers may bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
CWE-354 - Improper Validation of Integrity Check ValueAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
TLS protocol version 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2 do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
CWE-326 - Inadequate Encryption StrengthAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
The TLS protocol 1.2 and earlier can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
CWE-212 - Improper Removal of Sensitive Information Before Storage or TransferAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
The “ICMP Timestamp Request Remote Date Disclosure” vulnerability involves the use of ICMP (internet Control Message Protocol) to request and receive timestamp information from a target system.
CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3
ABB / ABB M2M Gateway / ARM600
|
>=4.1.2|<=5.0.3 |
Mitigation
|
|
|
ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3
ABB / ABB M2M Gateway / SW
|
>=5.0.1|<=5.0.3 |
Mitigation
|
References
55 references
Acknowledgments
ABB
{
"document": {
"acknowledgments": [
{
"organization": "ABB",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "En",
"notes": [
{
"category": "summary",
"text": "ABB is aware of public reports of a vulnerabilities in product versions listed as affected in this advisory. An attacker who successfully exploited these vulnerabilities could cause the product to stop, make the product inacces-sible, take remote control of the product or insert and run arbitrary code.\nAs part of ABB product lifecycle policy, once a product transitions to end-of-life, we discontinue maintenance, security patches, and technical support to focus on current and future technologies. While the product will continue to function, we strongly recommend implementing mitigations defined in this document, such as using a private APN cellular network between Arctic wireless gateways and ARM600 for establishing VPN tunnels, to mitigate security risks and avoid potential vulnerabilities.\nAs part of ABB product lifecycle policy, once a product transitions to Limited state, we discontinue maintenance, security patches, and technical support to focus on current and future technologies. While the product will continue to function, we strongly recommend implementing mitigations defined in this document to mitigate security risks.",
"title": "Summary"
},
{
"category": "general",
"text": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n3.\tARM600 system is by default not dependent on the name service (DNS). If name service is not used in the system, the name service port (TCP/UDP port 53) can be blocked by a firewall.\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n5.\tFilter specific ICMP packets from external systems (ICMP type 13 and 14) by firewall for not exposing the system time. \n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n\n14.\tIn ARM600SW installations, avoid servers with AMD processors vulnerable to the following: CVE-2021-26401, CVE-2023-20569 and CVE-2023-20593.\n\n\n15.\tAvoid using AX88179_178A chipset-based USB -to-Ethernet devices.\n\n\nRefer to section General security recommendations for additional advice on how to keep your system secure.\n",
"title": "Mitigating factors"
},
{
"category": "other",
"text": "For any installation of software-related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices:\n\u2013\tIsolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general-purpose network (e.g. office or home networks).\n\u2013\tInstall physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.\n\u2013\tNever connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for.\n\u2013\tScan all data imported into your environment before use to detect potential malware infections.\n\u2013\tMinimize network exposure for all applications and endpoints to ensure that they are not accessible from the internet unless they are designed for such exposure and the intended use requires such.\n\u2013\tEnsure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.\n\u2013\tWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.\nMore information on recommended practices can be found in the following document:\n1MRS758860 Rev. F, Arctic Cyber Security Deployment Guideline\n",
"title": "General security recommendations"
},
{
"category": "other",
"text": "For additional instructions and support please contact your local ABB service organization. For contact information, see www.abb.com/contactcenters.\nInformation about ABB\u2019s cyber security program and capabilities can be found at www.abb.com/cybersecurity.\n",
"title": "Support"
},
{
"category": "legal_disclaimer",
"text": "The information in this document is subject to change without notice, and should not be construed as a commitment by ABB.\nABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages.\nThis document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.\nAll rights to registrations and trademarks reside with their respective owners.\n",
"title": "Notice"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from ABB PSIRT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-105-08 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-105-08.json"
},
{
"summary": "User Manual",
"url": "https://library.e.abb.com/public/0498e4c0babd46aa9243aedd6f99c375/ARM600_user_758861_ENk.pdf"
},
{
"summary": "ABB product lifecycle policy",
"url": "https://new.abb.com/service/electrification/life-cycle-management?pe_data=D42415F457244415145784545584371%7C29609824"
},
{
"summary": "ABB CYBERSECURITY ADVISORY - PDF version ",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA002579\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"summary": "1MRS758860, Rev. F Arctic, Cyber Security Deployment Guideline",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS758860\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"summary": "Cyber Security Deployment Guideline",
"url": "https://library.e.abb.com/public/ffab1a14a42646c6adee38fc3de61dad/Arctic_csdepl_758860_ENf.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-105-08 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "ABB M2M Gateway",
"tracking": {
"current_release_date": "2025-04-07T10:30:00.000000Z",
"generator": {
"date": "2025-04-15T16:37:24.772764Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-105-08",
"initial_release_date": "2025-04-07T10:30:00.000000Z",
"revision_history": [
{
"date": "2025-04-07T10:30:00.000000Z",
"number": "1.0.0",
"summary": "Initial Version"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=4.1.2|\u003c=5.0.3",
"product": {
"name": "ABB M2M Gateway ARM600, firmware versions = 4.1.2 \u003c= 5.0.3",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "ARM600"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=5.0.1|\u003c=5.0.3",
"product": {
"name": "ABB M2M Gateway SW, software versions = 5.0.1 \u003c= 5.0.3",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SW"
}
],
"category": "product_family",
"name": "ABB M2M Gateway"
}
],
"category": "vendor",
"name": "ABB"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23521",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Vulnerability in Git that arises from an issue with git attributes parsing. This flaw can lead to an integer overflow, which might be exploited by authenticated attackers to execute arbitrary code or cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-23521",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23521"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-23521"
},
{
"cve": "CVE-2022-41903",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Vulnerability in Git that involves a heap overflow in the git archive and git log --format commands. This flaw can potentially lead to remote code execution (RCE) if exploited by authenticated attacker.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-41903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41903"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-41903"
},
{
"cve": "CVE-2023-25690",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "description",
"text": "Vulnerability in Apache HTTP Server versions 2.4.0 through 2.4.55. It involves HTTP Request Smuggling\ndue to certain mod_proxy configurations combined with RewriteRule or ProxyPassMatch directives. This\nflaw can lead to bypassing access controls by an authenticated attacker.\n",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-25690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25690"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-25690"
},
{
"cve": "CVE-2023-38408",
"cwe": {
"id": "CWE-428",
"name": "Unquoted Search Path or Element"
},
"notes": [
{
"category": "description",
"text": "Vulnerability in the PKCS#11 feature of ssh-agent in OpenSSH versions before 9.3p2. It involves an \ninsufficiently trustworthy search path, which can lead to remote code execution if an agent is \nforwarded by authenticated user to an attacker-controlled system.\n",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD -CVE-2023-38408 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38408"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-38408"
},
{
"cve": "CVE-2016-10009",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "description",
"text": "Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote\nattackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent socket.\n",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2016-10009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10009"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.8,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2016-10009"
},
{
"cve": "CVE-2022-2526",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in system. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in \u0027resolved-dns-stream.c\u0027 not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later, allowing authenticated user to execute arbitrary code.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-2526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2526"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "REASONABLE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-2526"
},
{
"cve": "CVE-2022-37434",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field, potentially allowing an authenticated attacker to reveal sensitive information or to cause a denial-of-service situation.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-37434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37434"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2023-20032",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "description",
"text": "A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An authenticated attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-20032",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20032"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-20032"
},
{
"cve": "CVE-2022-38177",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "description",
"text": "By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2022-38177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38177"
}
],
"remediations": [
{
"category": "mitigation",
"details": "\nMitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n3.\tARM600 system is by default not dependent on the name service (DNS). If name service is not used in the system, the name service port (TCP/UDP port 53) can be blocked by a firewall.\n\n\nRefer to section General security recommendations for additional advice on how to keep your system secure.\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.9,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-38177"
},
{
"cve": "CVE-2022-38178",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "description",
"text": "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD -CVE-2022-38178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38178"
}
],
"remediations": [
{
"category": "mitigation",
"details": "\nMitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n3.\tARM600 system is by default not dependent on the name service (DNS). If name service is not used in the system, the name service port (TCP/UDP port 53) can be blocked by a firewall.\n\n\nRefer to section General security recommendations for additional advice on how to keep your system secure.\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.9,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-38178"
},
{
"cve": "CVE-2023-2828",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "The vulnerability allows the configured max-cache-size limit to be significantly exceeded by querying the resolver for specific RRsets in a certain order. This can lead to a denial-of-service condition by ex-hausting all available memory on the host running named service.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2023-2828",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2828"
}
],
"remediations": [
{
"category": "mitigation",
"details": "\nMitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n3.\tARM600 system is by default not dependent on the name service (DNS). If name service is not used in the system, the name service port (TCP/UDP port 53) can be blocked by a firewall.\n\n\nRefer to section General security recommendations for additional advice on how to keep your system secure.\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-2828"
},
{
"cve": "CVE-2023-3341",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "The vulnerability involves the recursive processing of control channel messages sent to named, which can exhaust stack memory and cause named to terminate unexpectedly. Exploiting this flaw requires only network access to the control channel\u0027s configured TCP port, without needing a valid RNDC key.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-3341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3341"
}
],
"remediations": [
{
"category": "mitigation",
"details": "\nMitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n3.\tARM600 system is by default not dependent on the name service (DNS). If name service is not used in the system, the name service port (TCP/UDP port 53) can be blocked by a firewall.\n\n\nRefer to section General security recommendations for additional advice on how to keep your system secure.\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.9,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-3341"
},
{
"cve": "CVE-2022-41974",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "description",
"text": "Local users able to write to UNIX domain sockets can bypass access controls and manipulate the mul-tipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD -CVE-2022-41974",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41974"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-41974"
},
{
"cve": "CVE-2022-40674",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Local users can write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-40674",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40674"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.9,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2023-25652",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "description",
"text": "By feeding specially crafted input as authenticated attacker to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents, leading to potential arbitrary code execution.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2023-25652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25652"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.9,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-25652"
},
{
"cve": "CVE-2023-29007",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user\u0027s `$GIT_DIR/config` when attempting to remove the con-figuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution.",
"title": "CVE Decsription"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2023-29007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29007"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-29007"
},
{
"cve": "CVE-2022-2964",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u2019s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-2964",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2964"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n\n15.\tAvoid using AX88179_178A chipset-based USB -to-Ethernet devices.\n\n\n\nRefer to section General security recommendations for additional advice on how to keep your system secure.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-2964"
},
{
"cve": "CVE-2021-26401",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "Flaw in certain AMD EPYC, Ryzen, Threadripper and Athlon processors considering LONGJMP assembly command. This could lead to arbitrary code execution. Note: ARM600 servers include Intel processors, but there may be ARM600 SW installations running in AMD processor environments.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2021-26401",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26401"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n\n14.\tIn ARM600SW installations, avoid servers with AMD processors vulnerable to the following: CVE-2021-26401, CVE-2023-20569 and CVE-2023-20593.\n\nRefer to section General security recommendations for additional advice on how to keep your system secure.\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.2,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-26401"
},
{
"cve": "CVE-2022-4378",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "description",
"text": "A stack overflow flaw was found in the Linux kernel\u0027s SYSCTL subsystem in how an authenticated user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2022-4378",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4378"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-4378"
},
{
"cve": "CVE-2022-42703",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double re-use. This could lead to a system crash or elevation of privileges.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-42703",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42703"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.1,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-42703"
},
{
"cve": "CVE-2022-3564",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "description",
"text": "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. This could cause leaking of data or Denial of Service (DoS) conditions.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - cve-2022-3564",
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3564"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.3,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-3564"
},
{
"cve": "CVE-2023-32233",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. This could lead to an unprivileged local user gaining root access.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-32233",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32233"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-32233"
},
{
"cve": "CVE-2023-35001",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace. This vulnerability could lead to local user privilege escalation.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-35001",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35001"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-35001"
},
{
"cve": "CVE-2023-3609",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local user privilege escalation.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-3609",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3609"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-3609"
},
{
"cve": "CVE-2023-42753",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "A missing netfilter macro could lead to a miscalculation of the `h-\u003enets` array offset, providing attack-ers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bounds. This vulnerability may allow a local user to crash the system or potentially escalate their privileges.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-42753",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42753"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-42753"
},
{
"cve": "CVE-2022-42898",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "PAC parsing in krb5 has integer overflows that may lead to denial of service.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - cve-2022-42898",
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42898"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-42898"
},
{
"cve": "CVE-2020-22218",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in function _libssh2_packet_add in libssh2 that allows attackers to access out of bounds memory. This could lead to a system crash by authenticated attacker.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2020-22218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22218"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2020-22218"
},
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "description",
"text": "X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. When CRL checking is enabled, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2023-24329",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue in the urllib.parse component of Python allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. Successful exploitation of this vulnerability could lead to addition or modification of data by an authenticated attacker.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-24329",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24329"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-24329"
},
{
"cve": "CVE-2022-29154",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "Remote arbitrary files write inside the directories of connecting peers. A malicious rsync server can overwrite arbitrary files in the rsync client target directory and subdirectories.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2022-29154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29154"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.3,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-29154"
},
{
"cve": "CVE-2023-22809",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "description",
"text": "The sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This could lead to privilege escalation.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-22809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22809"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-22809"
},
{
"cve": "CVE-2022-25147",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Apache portable runtime utility issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions. This could lead to modification of data or denial of service.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-25147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25147"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-25147"
},
{
"cve": "CVE-2021-25220",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "description",
"text": "When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incor-rect answers. This could cause DNS cache poisoning that could potentially lead to a denial of service and information disclosure by an authenticated attacker.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2021-25220",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25220"
}
],
"remediations": [
{
"category": "mitigation",
"details": "\nMitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n3.\tARM600 system is by default not dependent on the name service (DNS). If name service is not used in the system, the name service port (TCP/UDP port 53) can be blocked by a firewall.\n\n\nRefer to section General security recommendations for additional advice on how to keep your system secure.\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.3,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 6.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-25220"
},
{
"cve": "CVE-2022-2795",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "Processing large delegations may severely degrade resolver performance effectively denying legitimate clients access to the DNS resolution service. This could cause a denial-of-service conditions.",
"title": "CVE Descritpion"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-2795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2795"
}
],
"remediations": [
{
"category": "mitigation",
"details": "\nMitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n3.\tARM600 system is by default not dependent on the name service (DNS). If name service is not used in the system, the name service port (TCP/UDP port 53) can be blocked by a firewall.\n\n\nRefer to section General security recommendations for additional advice on how to keep your system secure.\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 2.5,
"environmentalSeverity": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 2.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-2795"
},
{
"cve": "CVE-2022-43750",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel allows a user-space client to corrupt the monitor\u0027s internal memory. This could lead to denial-of-service or information disclosure conditions by an authenticated attacker.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2022-43750",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43750"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.2,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2022-43750"
},
{
"cve": "CVE-2023-20569",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "description",
"text": "Return Address Predictor vulnerability leading to information disclosure in certain AMD processors. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure. Note: ARM600 servers utilize Intel processors, but there may be ARM600 SW installations running in AMD processor environments.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2023-20569",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20569"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n\n14.\tIn ARM600SW installations, avoid servers with AMD processors vulnerable to the following: CVE-2021-26401, CVE-2023-20569 and CVE-2023-20593.\n\nRefer to section General security recommendations for additional advice on how to keep your system secure.\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-20569"
},
{
"cve": "CVE-2023-20593",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "description",
"text": "Cross-Process Information Leak in certain AMD processors. This could lead to an attacker potentially accessing confidential information. Note: ARM600 servers utilize Intel processors, but there may be ARM600 SW installations running in AMD processor environments.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-20593",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20593"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.1,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-20593"
},
{
"cve": "CVE-2023-40217",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "description",
"text": "If a TLS server side socket is created, receives data, and then closes quickly, there\u0027s a brief window where the SSLSocket instance detects it as \"not connected\" and won\u0027t initiate a handshake. Buffered data remains readable but unauthenticated if client certificate authentication is expected. This data is limited to the buffer size. An unauthenticated attacker could exploit this vulnerability for revealing sensitive information from the server.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2023-40217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40217"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.9,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-40217"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "description",
"text": "Remote attackers may bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.4,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2013-0169",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "description",
"text": "TLS protocol version 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2 do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD- CVE-2013-0169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2013-0169"
},
{
"cve": "CVE-2012-4929",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"notes": [
{
"category": "description",
"text": "The TLS protocol 1.2 and earlier can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD-CVE-2012-4929",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4929"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n1.\tObtain a cellular private access point (APN). A dedicated private cellular access point and respective SIM card subscriptions can be requested from your cellular service provider. This service doesn\u2019t expose the traffic between remote sites and main site to the internet but rather uses cellular operator\u2019s private wide area network (WAN). Therefore, the ARM600 wouldn\u2019t need open ports to the internet.\n\n2.\tAvoid exposing any system component to the internet. If, however, the ARM600 is exposed to the internet, only the VPN port should be opened towards the internet (e.g., Patrol management connections can be configured to use VPN tunnel and remote administration connections can be implemented by using OpenVPN PC-client).\n\n4.\tPerform firewall configuration by the \"allowlisting\" principle, i.e., explicitly allowing only the required ports and protocols and blocking any other traffic.\n\n\n6.\tIf the internet is used as a WAN media for carrying VPN tunnels, use Demilitarized Zone (DMZ) for terminating connections from the internet (i.e., the remote connections should terminate to the DMZ network, which would be segregated from other networks by a firewall. The ARM600 server would be located into this DMZ).\n\n7.\tChange the default user credentials of ARM600 and Arctic wireless gateways into non-defaults and use complex non-guessable passwords with special characters. Do not reuse passwords within the system.\n\n\n8.\tUse administrator (i.e., root user) privileges only when required by the task.\n\n\n9.\tSupporting systems, such as PCs used for configuration, should be frequently updated. If possible, use dedicated site PCs for upgrading and engineering purposes. At minimum, PCs should be investigated by running a full virus scan with recently updated signature files before introducing the PC to the OT system. \n\nAny data, such as device configurations and firmware update files transferred to the Arctic system should be virus scanned prior to transferring.\n\n\n10.\tIntroduce a backup policy, which will ensure periodical backups and backup revision numbering. Consider the following:\na.\tCheck that the entire system has backups available from all applicable parts.\nb.\tStore the backups in a safe place (e.g. in an encrypted storage), restricted by role-based access control mechanisms.\nc.\tEnsure the security of the configuration PCs that may have local copies of device configurations.\nd.\tValidate the backups to make sure that they\u2019re working.\n\n\n11.\tFollow cyber security best practices for installation, operation, and decommissioning as described in the product\u2019s Cyber Security Deployment Guideline and User Manual.\n\n\n12.\tUse continuous monitoring (e.g., intrusion detection/prevention tools) to detect anomalies in the system\n\n\n13.\tConsider hardening the system according to the following:\na.\tRemove any unnecessary communication links in the system.\nb.\tIf possible, close unused physical ports.\nc.\tOpen only the necessary TCP/UDP ports in the configuration.\nd.\tRemove all unnecessary user accounts.\ne.\tRestrict traffic by firewall.\nf.\tAllow the traffic only from/to necessary hosts\u0027 IP addresses (i.e., define both source and destination in the firewall rules, where possible).\ng.\tDefine client IP address as allowed address in SCADA communication protocols, if such configuration is supported.\nh.\tRemove or deactivate all unused processes, communication ports and services, where possible.\ni.\tUse physical access controls to the system installations (e.g., to server rooms and device cabinets). \n\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.4,
"environmentalSeverity": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.4,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2012-4929"
},
{
"cve": "CVE-1999-0524",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "The \u201cICMP Timestamp Request Remote Date Disclosure\u201d vulnerability involves the use of ICMP (internet Control Message Protocol) to request and receive timestamp information from a target system.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-1999-0524",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-0524"
}
],
"remediations": [
{
"category": "mitigation",
"details": "\nMitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. The following mitigations are recommended.\n\n5.\tFilter specific ICMP packets from external systems (ICMP type 13 and 14) by firewall for not exposing the system time.\n\nRefer to section General security recommendations for additional advice on how to keep your system secure.\n",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "FUNCTIONAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "TEMPORARY_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:T/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-1999-0524"
}
]
}
ICSA-25-162-05
Vulnerability from csaf_cisa - Published: 2025-06-10 00:00 - Updated: 2026-05-14 06:00Summary
Siemens SIMATIC S7-1500 CPU family
Notes
Summary: Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).
Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer: This ICSA is a verbatim republication of Siemens ProductCERT SSA-082556 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Critical infrastructure sectors: Energy
Countries/areas deployed: Worldwide
Company headquarters location: Germany
7.0 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.9 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
9.8 (Critical)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
8.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-73
- External Control of File Name or Path
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.9 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
8.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
8.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.0 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-150
- Improper Neutralization of Escape, Meta, or Control Sequences
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.6 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.0 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.0 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.2 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.4 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
9.8 (Critical)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.3 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.3 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-401
- Missing Release of Memory after Effective Lifetime
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.8 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-476
- NULL Pointer Dereference
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.9 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-122
- Heap-based Buffer Overflow
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-252
- Unchecked Return Value
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-125
- Out-of-bounds Read
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.8 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.3 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.0 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.6 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-407
- Inefficient Algorithmic Complexity
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
References
247 references
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reported these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).\n\nSiemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-082556 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-082556.json"
},
{
"category": "self",
"summary": "SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-162-05 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-162-05.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-162-05 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Siemens SIMATIC S7-1500 CPU family",
"tracking": {
"current_release_date": "2026-05-14T06:00:00.000000Z",
"generator": {
"date": "2026-05-13T15:52:08.130074Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.5.0"
}
},
"id": "ICSA-25-162-05",
"initial_release_date": "2025-06-10T00:00:00.000000Z",
"revision_history": [
{
"date": "2025-06-10T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-08-12T00:00:00.000000Z",
"legacy_version": "Additional Release 1",
"number": "2",
"summary": "Added CVE-2025-6395, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990"
},
{
"date": "2026-01-13T00:00:00.000000Z",
"legacy_version": "Additional Release 2",
"number": "3",
"summary": "Added CVE-2025-66382, CVE-2025-39929, CVE-2025-39931, CVE-2025-39977, CVE-2025-40022, CVE-2025-11082, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-11839, CVE-2025-11840, CVE-2025-9230, CVE-2025-9232, CVE-2025-3198, CVE-2025-5244, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546, CVE-2025-8224, CVE-2025-7425, CVE-2025-59375"
},
{
"date": "2026-01-14T22:00:07.322959Z",
"legacy_version": "Additional Release 3",
"number": "4",
"summary": "CISA Republication - Initial Republication of Siemens ProductCERT SSA-082556 advisory"
},
{
"date": "2026-02-10T00:00:00.000000Z",
"legacy_version": "Additional Release 4",
"number": "5",
"summary": "Added 22 CVEs"
},
{
"date": "2026-02-12T07:00:00.000000Z",
"legacy_version": "Additional Release 5",
"number": "6",
"summary": "CISA Republication update based on Siemens ProductCERT SSA-082556 advisory"
},
{
"date": "2026-03-10T00:00:00.000000Z",
"legacy_version": "Additional Release 6",
"number": "7",
"summary": "Added 36 CVEs"
},
{
"date": "2026-03-12T06:00:00.000000Z",
"legacy_version": "Additional Release 7",
"number": "8",
"summary": "CISA Republication update based on Siemens ProductCERT SSA-082556 advisory"
},
{
"date": "2026-05-12T00:00:00.000000Z",
"legacy_version": "Additional Release 8",
"number": "9",
"summary": "Added CVE-2026-31431"
},
{
"date": "2026-05-14T06:00:00.000000Z",
"legacy_version": "Latest Updated CISA Republication",
"number": "10",
"summary": "CISA Republication update based on Siemens ProductCERT SSA-082556 advisory"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4AX00-1AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4AX00-1AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4FX00-1AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4FX00-1AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"6AG1518-4AX00-4AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-41617",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/311.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2021-41617"
},
{
"cve": "CVE-2023-4527",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-4527"
},
{
"cve": "CVE-2023-4806",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-4806"
},
{
"cve": "CVE-2023-4911",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A buffer overflow was discovered in the GNU C Library\u0027s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-4911"
},
{
"cve": "CVE-2023-5363",
"cwe": {
"id": "CWE-684",
"name": "Incorrect Provision of Specified Functionality"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST\u0027s SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/684.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-5363"
},
{
"cve": "CVE-2023-6246",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-6246"
},
{
"cve": "CVE-2023-6779",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-6779"
},
{
"cve": "CVE-2023-6780",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/131.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-6780"
},
{
"cve": "CVE-2023-28531",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28531"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/311.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-28531"
},
{
"cve": "CVE-2023-38545",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.\r\n\r\nWhen curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes.\r\n\r\nIf the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and instead passes on the resolved address only to the proxy. Due to a bug, the local variable that means \"let the host resolve the name\" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long hostname to the target buffer instead of copying just the resolved address there.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-38545"
},
{
"cve": "CVE-2023-38546",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "summary",
"text": "This flaw allows an attacker to insert cookies at will into a running program\r\nusing libcurl, if the specific series of conditions are met.\r\n\r\nlibcurl performs transfers. In its API, an application creates \"easy handles\"\r\nthat are the individual handles for single transfers.\r\n\r\nlibcurl provides a function call that duplicates en easy handle called\r\n[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).\r\n\r\nIf a transfer has cookies enabled when the handle is duplicated, the\r\ncookie-enable state is also cloned - but without cloning the actual\r\ncookies. If the source handle did not read any cookies from a specific file on\r\ndisk, the cloned version of the handle would instead store the file name as\r\n`none` (using the four ASCII letters, no quotes).\r\n\r\nSubsequent use of the cloned handle that does not explicitly set a source to\r\nload cookies from would then inadvertently load cookies from a file named\r\n`none` - if such a file exists and is readable in the current directory of the\r\nprogram using libcurl. And if using the correct file format of course.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/73.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-38546"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46218",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "summary",
"text": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl\u0027s function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/201.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-46219",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/311.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-46219"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "summary",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/222.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51384",
"cwe": {
"id": "CWE-304",
"name": "Missing Critical Step in Authentication"
},
"notes": [
{
"category": "summary",
"text": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/304.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-51384"
},
{
"cve": "CVE-2023-51385",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-51385"
},
{
"cve": "CVE-2023-52927",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52927"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-6119",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don\u0027t perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/843.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-6119"
},
{
"cve": "CVE-2024-6387",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"notes": [
{
"category": "summary",
"text": "A security regression (CVE-2006-5051) was discovered in OpenSSH\u0027s server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/364.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-6387"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/407.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-12243",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/407.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-12243"
},
{
"cve": "CVE-2024-24855",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A race condition was found in the Linux kernel\u0027s scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24855"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-24855"
},
{
"cve": "CVE-2024-26596",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: dsa: netdev_priv() dereference before check on non-DSA netdevice events.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26596"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-26596"
},
{
"cve": "CVE-2024-28085",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "summary",
"text": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users\u0027 terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/150.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-28085"
},
{
"cve": "CVE-2024-33599",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "nscd: Stack-based buffer overflow in netgroup cache\r\n\r\nIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\r\nby client requests then a subsequent client request for netgroup data\r\nmay result in a stack-based buffer overflow. This flaw was introduced\r\nin glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-33599"
},
{
"cve": "CVE-2024-33600",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "nscd: Null pointer crashes after notfound response\r\n\r\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\r\nnetgroup response to the cache, the client request can result in a null\r\npointer dereference. This flaw was introduced in glibc 2.15 when the\r\ncache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-33600"
},
{
"cve": "CVE-2024-33601",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "nscd: netgroup cache may terminate daemon on memory allocation failure\r\n\r\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\r\nxrealloc and these functions may terminate the process due to a memory\r\nallocation failure resulting in a denial of service to the clients. The\r\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/617.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-33601"
},
{
"cve": "CVE-2024-33602",
"cwe": {
"id": "CWE-466",
"name": "Return of Pointer Value Outside of Expected Range"
},
"notes": [
{
"category": "summary",
"text": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\r\n\r\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\r\nwhen the NSS callback does not store all strings in the provided buffer.\r\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/466.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-33602"
},
{
"cve": "CVE-2024-34397",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-34397"
},
{
"cve": "CVE-2024-37370",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/130.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-37370"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/130.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-45490",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/131.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-50246",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/ntfs3: Add rough attr alloc_size check",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50246"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-50246"
},
{
"cve": "CVE-2024-53166",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "block, bfq: bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd-\u003elock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-53166"
},
{
"cve": "CVE-2024-57924",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: relax assertions on failure to encode file handles\n\nEncoding file handles is usually performed by a filesystem \u003eencode_fh()\nmethod that may fail for various reasons.\n\nThe legacy users of exportfs_encode_fh(), namely, nfsd and\nname_to_handle_at(2) syscall are ready to cope with the possibility\nof failure to encode a file handle.\n\nThere are a few other users of exportfs_encode_{fh,fid}() that\ncurrently have a WARN_ON() assertion when -\u003eencode_fh() fails.\nRelax those assertions because they are wrong.\n\nThe second linked bug report states commit 16aac5ad1fa9 (\"ovl: support\nencoding non-decodable file handles\") in v6.6 as the regressing commit,\nbut this is not accurate.\n\nThe aforementioned commit only increases the chances of the assertion\nand allows triggering the assertion with the reproducer using overlayfs,\ninotify and drop_caches.\n\nTriggering this assertion was always possible with other filesystems and\nother reasons of -\u003eencode_fh() failures and more particularly, it was\nalso possible with the exact same reproducer using overlayfs that is\nmounted with options index=on,nfs_export=on also on kernels \u003c v6.6.\nTherefore, I am not listing the aforementioned commit as a Fixes commit.\n\nBackport hint: this patch will have a trivial conflict applying to\nv6.6.y, and other trivial conflicts applying to stable kernels \u003c v6.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/617.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-57924"
},
{
"cve": "CVE-2024-57977",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "memcg: A soft lockup vulnerability in the product with about 56,000 tasks were in the OOM cgroup, it was traversing them when the soft lockup was triggered.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/667.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-57977"
},
{
"cve": "CVE-2024-57996",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "net_sched: sch_sfq: vulnerability caused by incorrectly handling a packet limit of 1, leading to an array-index-out-of-bounds error and subsequent crash when the queue length is decremented for an empty slot.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57996"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/129.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-58005",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tpm: Change to kvalloc() in eventlog/acpi.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58005"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2025-3198",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3198"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-3198"
},
{
"cve": "CVE-2025-4373",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/124.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-4598",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/364.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-4598"
},
{
"cve": "CVE-2025-5244",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5244"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-5244"
},
{
"cve": "CVE-2025-5245",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5245"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-5245"
},
{
"cve": "CVE-2025-6395",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-6395"
},
{
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-7425"
},
{
"cve": "CVE-2025-7545",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7545"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/116.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-7545"
},
{
"cve": "CVE-2025-7546",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7546"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-7546"
},
{
"cve": "CVE-2025-8224",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8224"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-8224"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-9232",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the \u0027no_proxy\u0027 environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na \u0027no_proxy\u0027 environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-9232"
},
{
"cve": "CVE-2025-11082",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11082"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11082"
},
{
"cve": "CVE-2025-11083",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11083"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11083"
},
{
"cve": "CVE-2025-11412",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11412"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11412"
},
{
"cve": "CVE-2025-11413",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11413"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11413"
},
{
"cve": "CVE-2025-11414",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11414"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11414"
},
{
"cve": "CVE-2025-11494",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11494"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11494"
},
{
"cve": "CVE-2025-11495",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11495"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11495"
},
{
"cve": "CVE-2025-11839",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "summary",
"text": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11839"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/252.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11839"
},
{
"cve": "CVE-2025-11840",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11840"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11840"
},
{
"cve": "CVE-2025-21701",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "net: vulnerability arises because unregister_netdevice_many_notify might run before the rtnl lock section of ethnl operations, leading to potential use of destroyed locks, which is fixed by denying operations on devices being unregistered.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21701"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21702",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21702"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-21712",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "md/md-bitmap: vulnerability caused by bitmap_get_stats() can be called even if the bitmap is destroyed or not fully initialized, leading to a kernel crash, which is fixed by synchronizing bitmap_get_stats() with bitmap_info.mutex.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21712"
},
{
"cve": "CVE-2025-21724",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index(). Resolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index() where shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift (an unsigned long value) could result in undefined behavior. The constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds 31 (e.g., pgshift = 63) the shift operation overflows, as the result cannot be represented in a 32-bit type.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21724"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21728",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpf_send_signal() kfunc, it will cause issues because this kfunc can sleep.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21728"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21745",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\r\n\r\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\r\nclass_dev_iter_(init|next)(), but does not end iterating with\r\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\r\n\r\nFix by ending the iterating with class_dev_iter_exit().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21745"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21758",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21758"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21758"
},
{
"cve": "CVE-2025-21765",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it reads does not disappear.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv4: use RCU protection in __ip_rt_update_pmtu(). __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it reads does not disappear.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21766"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a PREEMPT_RT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 get_random_u32+0x4f/0x110 clocksource_verify_choose_cpus+0xab/0x1a0 clocksource_verify_percpu.part.0+0x6b/0x330 clocksource_watchdog_kthread+0x193/0x1a0 It is due to the fact that clocksource_verify_choose_cpus() is invoked with preemption disabled. This function invokes get_random_u32() to obtain random numbers for choosing CPUs. The batched_entropy_32 local lock and/or the base_crng.lock spinlock in driver/char/random.c will be acquired during the call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot be acquired in atomic context. Fix this problem by using migrate_disable() to allow smp_processor_id() to be reliably used without introducing atomic context. preempt_disable() is then called after clocksource_verify_choose_cpus() but before the clocksource measurement is being run to avoid introducing unexpected latency.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21795",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "NFSD: hang in nfsd4_shutdown_callback. If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released simultaneously.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21796"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21848",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\r\n\r\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\r\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21862",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "drop_monitor: incorrect initialization order. If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/908.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21864",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: drop secpath at the same time as we currently drop dst\r\n\r\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\r\nrunning tests that boil down to:\r\n - create a pair of netns\r\n - run a basic TCP test over ipcomp6\r\n - delete the pair of netns\r\n\r\nThe xfrm_state found on spi_byaddr was not deleted at the time we\r\ndelete the netns, because we still have a reference on it. This\r\nlingering reference comes from a secpath (which holds a ref on the\r\nxfrm_state), which is still attached to an skb. This skb is not\r\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\r\nskb_attempt_defer_free.\r\n\r\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\r\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\r\nthat case, we still have a reference on the xfrm_state that we don\u0027t\r\nexpect at this point.\r\n\r\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\r\nlonger needed, so let\u0027s also drop the secpath. At this point,\r\ntcp_filter has already called into the LSM hooks that may require the\r\nsecpath, so it should not be needed anymore. However, in some of those\r\nplaces, the MPTCP extension has just been attached to the skb, so we\r\ncannot simply drop all extensions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Commit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns dismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl() to destroy devices in each netns as done in geneve and ip tunnels. However, this could trigger -\u003edellink() twice for the same device during -\u003eexit_batch_rtnl().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21865"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-26465",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/390.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-26465"
},
{
"cve": "CVE-2025-31115",
"cwe": {
"id": "CWE-366",
"name": "Race Condition within a Thread"
},
"notes": [
{
"category": "summary",
"text": "XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/366.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-31115"
},
{
"cve": "CVE-2025-32988",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/415.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-32988"
},
{
"cve": "CVE-2025-32989",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-32989"
},
{
"cve": "CVE-2025-38058",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_count after umount(2) has verified that victim is not busy, but before it has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn\u0027t see that it\u0027s safe to quietly undo mnt_count increment and leaves dropping the reference to caller, where it\u0027ll be a full-blown mntput(). Check under mount_lock is needed; leaving the current one done before taking that makes no sense - it\u0027s nowhere near common enough to bother with.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38058"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/667.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38058"
},
{
"cve": "CVE-2025-38063",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: dm: fix unconditional IO throttle caused by REQ_PREFLUSH When a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush() generates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC, which causes the flush_bio to be throttled by wbt_wait()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38063"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38063"
},
{
"cve": "CVE-2025-38067",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: rseq: Fix segfault on registration when rseq_cs is non-zero The rseq_cs field is documented as being set to 0 by user-space prior to registration, however this is not currently enforced by the kernel. This can result in a segfault on return to user-space if the value stored in the rseq_cs field doesn\u0027t point to a valid struct rseq_cs. The correct solution to this would be to fail the rseq registration when the rseq_cs field is non-zero. However, some older versions of glibc will reuse the rseq area of previous threads without clearing the rseq_cs field and will also terminate the process if the rseq registration fails in a secondary thread. This wasn\u0027t caught in testing because in this case the leftover rseq_cs does point to a valid struct rseq_cs. What we can do is clear the rseq_cs field on registration when it\u0027s non-zero which will prevent segfaults on registration and won\u0027t break the glibc versions that reuse rseq areas on thread creation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38067"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38067"
},
{
"cve": "CVE-2025-38071",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: x86/mm: Check return value from memblock_phys_alloc_range() At least with CONFIG_PHYSICAL_START=0x100000, if there is \u003c 4 MiB of contiguous free memory available at this point, the kernel will crash and burn because memblock_phys_alloc_range() returns 0 on failure, which leads memblock_phys_free() to throw the first 4 MiB of physical memory to the wolves. At a minimum it should fail gracefully with a meaningful diagnostic, but in fact everything seems to work fine without the weird reserve allocation",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38071"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38071"
},
{
"cve": "CVE-2025-38079",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/415.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38083",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent\u0027s qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38083"
},
{
"cve": "CVE-2025-38100",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fails. In the latter case the exit_thread() cleans up resources which were allocated during fork(). io_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up in tss_update_io_bitmap(). tss_update_io_bitmap() operates on the current task. If current has TIF_IO_BITMAP set, but no bitmap installed, tss_update_io_bitmap() crashes with a NULL pointer dereference. There are two issues, which lead to that problem: 1) io_bitmap_exit() should not invoke task_update_io_bitmap() when the task, which is cleaned up, is not the current task. That\u0027s a clear indicator for a cleanup after a failed fork(). 2) A task should not have TIF_IO_BITMAP set and neither a bitmap installed nor IOPL emulation level 3 activated. This happens when a kernel thread is created in the context of a user space thread, which has TIF_IO_BITMAP set as the thread flags are copied and the IO bitmap pointer is cleared. Other than in the failed fork() case this has no impact because kernel threads including IO workers never return to user space and therefore never invoke tss_update_io_bitmap(). Cure this by adding the missing cleanups and checks: 1) Prevent io_bitmap_exit() to invoke task_update_io_bitmap() if the to be cleaned up task is not the current task. 2) Clear TIF_IO_BITMAP in copy_thread() unconditionally. For user space forks it is set later, when the IO bitmap is inherited in io_bitmap_share(). For paranoia sake, add a warning into tss_update_io_bitmap() to catch the case, when that code is invoked with inconsistent state",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38100"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38100"
},
{
"cve": "CVE-2025-38111",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like \u0027mdio-tools\u0027 to read/write data from/to network interface and its PHY via mdiobus, there is no verification of parameters passed to the ioctl and it accepts any mdio address. Currently there is support for 32 addresses in kernel via PHY_MAX_ADDR define, but it is possible to pass higher value than that via ioctl. While read/write operation should generally fail in this case, mdiobus provides stats array, where wrong address may allow out-of-bounds read/write. Fix that by adding address verification before read/write operation. While this excludes this access from any statistics, it improves security of read/write operation",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38111"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38111"
},
{
"cve": "CVE-2025-38124",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after pull from frag_list\") detected invalid geometry in frag_list skbs and redirects them from skb_segment_list to more robust skb_segment. But some packets with modified geometry can also hit bugs in that code",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38124"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38124"
},
{
"cve": "CVE-2025-38167",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may be NULL. To handle the NULL error effectively, it is important to implement an error handler. This will help manage potential errors consistently. Additionally, error handling for the return value already exists at other points where this function is called. Found by Linux Verification Center (linuxtesting.org) with SVACE",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38167"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38167"
},
{
"cve": "CVE-2025-38198",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the \"store_modes\" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28 index -1 is out of range for type \u0027fb_info *[32]\u0027 ... fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122 fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048 fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673 store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113 dev_attr_store+0x55/0x80 drivers/base/core.c:2439 static struct fb_info *fbcon_registered_fb[FB_MAX]; ... static signed char con2fb_map[MAX_NR_CONSOLES]; ... static struct fb_info *fbcon_info_from_console(int console) ... return fbcon_registered_fb[con2fb_map[console]]; If con2fb_map contains a -1 things go wrong here. Instead, return NULL, as callers of fbcon_info_from_console() are trying to compare against existing \"info\" pointers, so error handling should kick in correctly",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38198"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/129.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38198"
},
{
"cve": "CVE-2025-38212",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipc: fix to protect IPCS lookups using RCU\r\n\r\nsyzbot reported that it discovered a use-after-free vulnerability, [0]\r\n\r\n[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/\r\n\r\nidr_for_each() is protected by rwsem, but this is not enough. If it is\r\nnot protected by RCU read-critical region, when idr_for_each() calls\r\nradix_tree_node_free() through call_rcu() to free the radix_tree_node\r\nstructure, the node will be freed immediately, and when reading the next\r\nnode in radix_tree_for_each_slot(), the already freed memory may be read.\r\n\r\nTherefore, we need to add code to make sure that idr_for_each() is\r\nprotected within the RCU read-critical region when we call it in\r\nshm_destroy_orphaned().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38212"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38212"
},
{
"cve": "CVE-2025-38214",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\r\n\r\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\r\nfb_videomode, later it may lead to a null-ptr dereference in\r\nfb_videomode_to_var(), as the fb_info is registered while not having the\r\nmode in modelist that is expected to be there, i.e. the one that is\r\ndescribed in fb_info-\u003evar.\r\n\r\n================================================================\r\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\r\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\r\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\r\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\r\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\r\nCall Trace:\r\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\r\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\r\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\r\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\r\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\r\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\r\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\r\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\r\n vfs_ioctl fs/ioctl.c:48 [inline]\r\n __do_sys_ioctl fs/ioctl.c:753 [inline]\r\n __se_sys_ioctl fs/ioctl.c:739 [inline]\r\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\r\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\r\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\r\n================================================================\r\n\r\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\r\nthen fb_videomode_to_var() is called. If it fails to add the mode to\r\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\r\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\r\nit is done earlier in the function.\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38214"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38214"
},
{
"cve": "CVE-2025-38215",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\r\n\r\nIf fb_add_videomode() in do_register_framebuffer() fails to allocate\r\nmemory for fb_videomode, it will later lead to a null-ptr dereference in\r\nfb_videomode_to_var(), as the fb_info is registered while not having the\r\nmode in modelist that is expected to be there, i.e. the one that is\r\ndescribed in fb_info-\u003evar.\r\n\r\n================================================================\r\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\r\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\r\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\r\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\r\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\r\nCall Trace:\r\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\r\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\r\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\r\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\r\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\r\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\r\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\r\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\r\n vfs_ioctl fs/ioctl.c:48 [inline]\r\n __do_sys_ioctl fs/ioctl.c:753 [inline]\r\n __se_sys_ioctl fs/ioctl.c:739 [inline]\r\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\r\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\r\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\r\n================================================================\r\n\r\nEven though fbcon_init() checks beforehand if fb_match_mode() in\r\nvar_to_display() fails, it can not prevent the panic because fbcon_init()\r\ndoes not return error code. Considering this and the comment in the code\r\nabout fb_match_mode() returning NULL - \"This should not happen\" - it is\r\nbetter to prevent registering the fb_info if its mode was not set\r\nsuccessfully. Also move fb_add_videomode() closer to the beginning of\r\ndo_register_framebuffer() to avoid having to do the cleanup on fail.\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38215"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38215"
},
{
"cve": "CVE-2025-38222",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: inline: fix len overflow in ext4_prepare_inline_data\r\n\r\nWhen running the following code on an ext4 filesystem with inline_data\r\nfeature enabled, it will lead to the bug below.\r\n\r\n fd = open(\"file1\", O_RDWR | O_CREAT | O_TRUNC, 0666);\r\n ftruncate(fd, 30);\r\n pwrite(fd, \"a\", 1, (1UL \u003c\u003c 40) + 5UL);\r\n\r\nThat happens because write_begin will succeed as when\r\next4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len\r\nwill be truncated, leading to ext4_prepare_inline_data parameter to be 6\r\ninstead of 0x10000000006.\r\n\r\nThen, later when write_end is called, we hit:\r\n\r\n BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\r\n\r\nat ext4_write_inline_data.\r\n\r\nFix it by using a loff_t type for the len parameter in\r\next4_prepare_inline_data instead of an unsigned int.\r\n\r\n[ 44.545164] ------------[ cut here ]------------\r\n[ 44.545530] kernel BUG at fs/ext4/inline.c:240!\r\n[ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI\r\n[ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb\r\n[ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\r\n[ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100\r\n[ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b \u003c0f\u003e 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49\r\n[ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216\r\n[ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006\r\n[ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738\r\n[ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\r\n[ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000\r\n[ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738\r\n[ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000\r\n[ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\n[ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0\r\n[ 44.546523] PKRU: 55555554\r\n[ 44.546523] Call Trace:\r\n[ 44.546523] \u003cTASK\u003e\r\n[ 44.546523] ext4_write_inline_data_end+0x126/0x2d0\r\n[ 44.546523] generic_perform_write+0x17e/0x270\r\n[ 44.546523] ext4_buffered_write_iter+0xc8/0x170\r\n[ 44.546523] vfs_write+0x2be/0x3e0\r\n[ 44.546523] __x64_sys_pwrite64+0x6d/0xc0\r\n[ 44.546523] do_syscall_64+0x6a/0xf0\r\n[ 44.546523] ? __wake_up+0x89/0xb0\r\n[ 44.546523] ? xas_find+0x72/0x1c0\r\n[ 44.546523] ? next_uptodate_folio+0x317/0x330\r\n[ 44.546523] ? set_pte_range+0x1a6/0x270\r\n[ 44.546523] ? filemap_map_pages+0x6ee/0x840\r\n[ 44.546523] ? ext4_setattr+0x2fa/0x750\r\n[ 44.546523] ? do_pte_missing+0x128/0xf70\r\n[ 44.546523] ? security_inode_post_setattr+0x3e/0xd0\r\n[ 44.546523] ? ___pte_offset_map+0x19/0x100\r\n[ 44.546523] ? handle_mm_fault+0x721/0xa10\r\n[ 44.546523] ? do_user_addr_fault+0x197/0x730\r\n[ 44.546523] ? do_syscall_64+0x76/0xf0\r\n[ 44.546523] ? arch_exit_to_user_mode_prepare+0x1e/0x60\r\n[ 44.546523] ? irqentry_exit_to_user_mode+0x79/0x90\r\n[ 44.546523] entry_SYSCALL_64_after_hwframe+0x55/0x5d\r\n[ 44.546523] RIP: 0033:0x7f42999c6687\r\n[ 44.546523] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\r\n[ 44.546523] RSP: 002b:00007ffeae4a7930 EFLAGS: 00000202 ORIG_RAX: 0000000000000012\r\n[ 44.546523] RAX: ffffffffffffffda RBX: 00007f4299934740 RCX: 00007f42999c6687\r\n[ 44.546523] RDX: 0000000000000001 RSI: 000055ea6149200f RDI: 0000000000000003\r\n[ 44.546523] RBP: 00007ffeae4a79a0 R08: 0000000000000000 R09: 0000000000000000\r\n[ 44.546523] R10: 0000010000000005 R11: 0000000000000202 R12: 0000\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38222"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38222"
},
{
"cve": "CVE-2025-38231",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\r\n\r\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\r\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\r\nthis can cause NULL pointer dereference.\r\n\r\nNormally the delayed start of laundromat_work allows sufficient time for\r\nnfsd_ssc initialization to complete. However, when the kernel waits too\r\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\r\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\r\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\r\ndelayed work may start before nfsd_ssc initialization finishes.\r\n\r\nFix this by moving nfsd_ssc initialization before starting laundromat_work.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38231"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38231"
},
{
"cve": "CVE-2025-38236",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\naf_unix: Don\u0027t leave consecutive consumed OOB skbs.\r\n\r\nJann Horn reported a use-after-free in unix_stream_read_generic().\r\n\r\nThe following sequences reproduce the issue:\r\n\r\n $ python3\r\n from socket import *\r\n s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)\r\n s1.send(b\u0027x\u0027, MSG_OOB)\r\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\r\n s1.send(b\u0027y\u0027, MSG_OOB)\r\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\r\n s1.send(b\u0027z\u0027, MSG_OOB)\r\n s2.recv(1) # recv \u0027z\u0027 illegally\r\n s2.recv(1, MSG_OOB) # access \u0027z\u0027 skb (use-after-free)\r\n\r\nEven though a user reads OOB data, the skb holding the data stays on\r\nthe recv queue to mark the OOB boundary and break the next recv().\r\n\r\nAfter the last send() in the scenario above, the sk2\u0027s recv queue has\r\n2 leading consumed OOB skbs and 1 real OOB skb.\r\n\r\nThen, the following happens during the next recv() without MSG_OOB\r\n\r\n 1. unix_stream_read_generic() peeks the first consumed OOB skb\r\n 2. manage_oob() returns the next consumed OOB skb\r\n 3. unix_stream_read_generic() fetches the next not-yet-consumed OOB skb\r\n 4. unix_stream_read_generic() reads and frees the OOB skb\r\n\r\n, and the last recv(MSG_OOB) triggers KASAN splat.\r\n\r\nThe 3. above occurs because of the SO_PEEK_OFF code, which does not\r\nexpect unix_skb_len(skb) to be 0, but this is true for such consumed\r\nOOB skbs.\r\n\r\n while (skip \u003e= unix_skb_len(skb)) {\r\n skip -= unix_skb_len(skb);\r\n skb = skb_peek_next(skb, \u0026sk-\u003esk_receive_queue);\r\n ...\r\n }\r\n\r\nIn addition to this use-after-free, there is another issue that\r\nioctl(SIOCATMARK) does not function properly with consecutive consumed\r\nOOB skbs.\r\n\r\nSo, nothing good comes out of such a situation.\r\n\r\nInstead of complicating manage_oob(), ioctl() handling, and the next\r\nECONNRESET fix by introducing a loop for consecutive consumed OOB skbs,\r\nlet\u0027s not leave such consecutive OOB unnecessarily.\r\n\r\nNow, while receiving an OOB skb in unix_stream_recv_urg(), if its\r\nprevious skb is a consumed OOB skb, it is freed.\r\n\r\n[0]:\r\nBUG: KASAN: slab-use-after-free in unix_stream_read_actor (net/unix/af_unix.c:3027)\r\nRead of size 4 at addr ffff888106ef2904 by task python3/315\r\n\r\nCPU: 2 UID: 0 PID: 315 Comm: python3 Not tainted 6.16.0-rc1-00407-gec315832f6f9 #8 PREEMPT(voluntary)\r\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014\r\nCall Trace:\r\n \u003cTASK\u003e\r\n dump_stack_lvl (lib/dump_stack.c:122)\r\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\r\n kasan_report (mm/kasan/report.c:636)\r\n unix_stream_read_actor (net/unix/af_unix.c:3027)\r\n unix_stream_read_generic (net/unix/af_unix.c:2708 net/unix/af_unix.c:2847)\r\n unix_stream_recvmsg (net/unix/af_unix.c:3048)\r\n sock_recvmsg (net/socket.c:1063 (discriminator 20) net/socket.c:1085 (discriminator 20))\r\n __sys_recvfrom (net/socket.c:2278)\r\n __x64_sys_recvfrom (net/socket.c:2291 (discriminator 1) net/socket.c:2287 (discriminator 1) net/socket.c:2287 (discriminator 1))\r\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\r\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\r\nRIP: 0033:0x7f8911fcea06\r\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\r\nRSP: 002b:00007fffdb0dccb0 EFLAGS: 00000202 ORIG_RAX: 000000000000002d\r\nRAX: ffffffffffffffda RBX: 00007fffdb0dcdc8 RCX: 00007f8911fcea06\r\nRDX: 0000000000000001 RSI: 00007f8911a5e060 RDI: 0000000000000006\r\nRBP: 00007fffdb0dccd0 R08: 0000000000000000 R09: 0000000000000000\r\nR10: 0000000000000001 R11: 0000000000000202 R12: 00007f89119a7d20\r\nR13: ffffffffc4653600 R14: 0000000000000000 R15: 0000000000000000\r\n \u003c/TASK\u003e\r\n\r\nAllocated by task 315:\r\n kasan_save_stack (mm/kasan/common.c:48)\r\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\r\n __kasan_slab_alloc (mm/kasan/common.c:348)\r\n kmem_cache_alloc_\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38236"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38236"
},
{
"cve": "CVE-2025-38280",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Avoid __bpf_prog_ret0_warn when jit fails\r\n\r\nsyzkaller reported an issue:\r\n\r\nWARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357\r\nModules linked in:\r\nCPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39\r\nRIP: 0010:__bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357\r\nCall Trace:\r\n \u003cTASK\u003e\r\n bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline]\r\n __bpf_prog_run include/linux/filter.h:718 [inline]\r\n bpf_prog_run include/linux/filter.h:725 [inline]\r\n cls_bpf_classify+0x74a/0x1110 net/sched/cls_bpf.c:105\r\n ...\r\n\r\nWhen creating bpf program, \u0027fp-\u003ejit_requested\u0027 depends on bpf_jit_enable.\r\nThis issue is triggered because of CONFIG_BPF_JIT_ALWAYS_ON is not set\r\nand bpf_jit_enable is set to 1, causing the arch to attempt JIT the prog,\r\nbut jit failed due to FAULT_INJECTION. As a result, incorrectly\r\ntreats the program as valid, when the program runs it calls\r\n`__bpf_prog_ret0_warn` and triggers the WARN_ON_ONCE(1).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38280"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38280"
},
{
"cve": "CVE-2025-38285",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Fix WARN() in get_bpf_raw_tp_regs\r\n\r\nsyzkaller reported an issue:\r\n\r\nWARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861\r\nModules linked in:\r\nCPU: 3 UID: 0 PID: 5971 Comm: syz-executor205 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full)\r\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\r\nRIP: 0010:get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861\r\nRSP: 0018:ffffc90003636fa8 EFLAGS: 00010293\r\nRAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff81c6bc4c\r\nRDX: ffff888032efc880 RSI: ffffffff81c6bc83 RDI: 0000000000000005\r\nRBP: ffff88806a730860 R08: 0000000000000005 R09: 0000000000000003\r\nR10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000004\r\nR13: 0000000000000001 R14: ffffc90003637008 R15: 0000000000000900\r\nFS: 0000000000000000(0000) GS:ffff8880d6cdf000(0000) knlGS:0000000000000000\r\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\nCR2: 00007f7baee09130 CR3: 0000000029f5a000 CR4: 0000000000352ef0\r\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\r\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\r\nCall Trace:\r\n \u003cTASK\u003e\r\n ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1934 [inline]\r\n bpf_get_stack_raw_tp+0x24/0x160 kernel/trace/bpf_trace.c:1931\r\n bpf_prog_ec3b2eefa702d8d3+0x43/0x47\r\n bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline]\r\n __bpf_prog_run include/linux/filter.h:718 [inline]\r\n bpf_prog_run include/linux/filter.h:725 [inline]\r\n __bpf_trace_run kernel/trace/bpf_trace.c:2363 [inline]\r\n bpf_trace_run3+0x23f/0x5a0 kernel/trace/bpf_trace.c:2405\r\n __bpf_trace_mmap_lock_acquire_returned+0xfc/0x140 include/trace/events/mmap_lock.h:47\r\n __traceiter_mmap_lock_acquire_returned+0x79/0xc0 include/trace/events/mmap_lock.h:47\r\n __do_trace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:47 [inline]\r\n trace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:47 [inline]\r\n __mmap_lock_do_trace_acquire_returned+0x138/0x1f0 mm/mmap_lock.c:35\r\n __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]\r\n mmap_read_trylock include/linux/mmap_lock.h:204 [inline]\r\n stack_map_get_build_id_offset+0x535/0x6f0 kernel/bpf/stackmap.c:157\r\n __bpf_get_stack+0x307/0xa10 kernel/bpf/stackmap.c:483\r\n ____bpf_get_stack kernel/bpf/stackmap.c:499 [inline]\r\n bpf_get_stack+0x32/0x40 kernel/bpf/stackmap.c:496\r\n ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1941 [inline]\r\n bpf_get_stack_raw_tp+0x124/0x160 kernel/trace/bpf_trace.c:1931\r\n bpf_prog_ec3b2eefa702d8d3+0x43/0x47\r\n\r\nTracepoint like trace_mmap_lock_acquire_returned may cause nested call\r\nas the corner case show above, which will be resolved with more general\r\nmethod in the future. As a result, WARN_ON_ONCE will be triggered. As\r\nAlexei suggested, remove the WARN_ON_ONCE first.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38285"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/617.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38285"
},
{
"cve": "CVE-2025-38312",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()\r\n\r\nIn fb_find_mode_cvt(), iff mode-\u003erefresh somehow happens to be 0x80000000,\r\ncvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It\u0027s\r\nthen passed to fb_cvt_hperiod(), where it\u0027s used as a divider -- division\r\nby 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to\r\navoid such overflow...\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\r\nanalysis tool.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38312"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/369.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38312"
},
{
"cve": "CVE-2025-38342",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsoftware node: Correct a OOB check in software_node_get_reference_args()\r\n\r\nsoftware_node_get_reference_args() wants to get @index-th element, so\r\nthe property value requires at least \u0027(index + 1) * sizeof(*ref)\u0027 bytes\r\nbut that can not be guaranteed by current OOB check, and may cause OOB\r\nfor malformed property.\r\n\r\nFix by using as OOB check \u0027((index + 1) * sizeof(*ref) \u003e prop-\u003elength)\u0027.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38342"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38342"
},
{
"cve": "CVE-2025-38350",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Always pass notifications when child class becomes empty\n\nCertain classful qdiscs may invoke their classes\u0027 dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\n\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent\u0027s parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\n\n tc qdisc add dev lo root handle 1: drr\n tc filter add dev lo parent 1: basic classid 1:1\n tc class add dev lo parent 1: classid 1:1 drr\n tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\n tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\n tc qdisc add dev lo parent 2:1 handle 3: netem\n tc qdisc add dev lo parent 3:1 handle 4: blackhole\n\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n tc class delete dev lo classid 1:1\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38350"
},
{
"cve": "CVE-2025-38364",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmaple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()\r\n\r\nTemporarily clear the preallocation flag when explicitly requesting\r\nallocations. Pre-existing allocations are already counted against the\r\nrequest through mas_node_count_gfp(), but the allocations will not happen\r\nif the MA_STATE_PREALLOC flag is set. This flag is meant to avoid\r\nre-allocating in bulk allocation mode, and to detect issues with\r\npreallocation calculations.\r\n\r\nThe MA_STATE_PREALLOC flag should also always be set on zero allocations\r\nso that detection of underflow allocations will print a WARN_ON() during\r\nconsumption.\r\n\r\nUser visible effect of this flaw is a WARN_ON() followed by a null pointer\r\ndereference when subsequent requests for larger number of nodes is\r\nignored, such as the vma merge retry in mmap_region() caused by drivers\r\naltering the vma flags (which happens in v6.6, at least)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38364"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38364"
},
{
"cve": "CVE-2025-38393",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nNFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN\r\n\r\nWe found a few different systems hung up in writeback waiting on the same\r\npage lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in\r\npnfs_update_layout(), however the pnfs_layout_hdr\u0027s plh_outstanding count\r\nwas zero.\r\n\r\nIt seems most likely that this is another race between the waiter and waker\r\nsimilar to commit ed0172af5d6f (\"SUNRPC: Fix a race to wake a sync task\").\r\nFix it up by applying the advised barrier.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38393"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38393"
},
{
"cve": "CVE-2025-38400",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.\r\n\r\nsyzbot reported a warning below [1] following a fault injection in\r\nnfs_fs_proc_net_init(). [0]\r\n\r\nWhen nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed.\r\n\r\nLater, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning\r\nis logged as the directory is not empty.\r\n\r\nLet\u0027s handle the error of nfs_fs_proc_net_init() properly.\r\n\r\n[0]:\r\nFAULT_INJECTION: forcing a failure.\r\nname failslab, interval 1, probability 0, space 0, times 0\r\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\r\nCall Trace:\r\n \u003cTASK\u003e\r\n dump_stack_lvl (lib/dump_stack.c:123)\r\n should_fail_ex (lib/fault-inject.c:73 lib/fault-inject.c:174)\r\n should_failslab (mm/failslab.c:46)\r\n kmem_cache_alloc_noprof (mm/slub.c:4178 mm/slub.c:4204)\r\n __proc_create (fs/proc/generic.c:427)\r\n proc_create_reg (fs/proc/generic.c:554)\r\n proc_create_net_data (fs/proc/proc_net.c:120)\r\n nfs_fs_proc_net_init (fs/nfs/client.c:1409)\r\n nfs_net_init (fs/nfs/inode.c:2600)\r\n ops_init (net/core/net_namespace.c:138)\r\n setup_net (net/core/net_namespace.c:443)\r\n copy_net_ns (net/core/net_namespace.c:576)\r\n create_new_namespaces (kernel/nsproxy.c:110)\r\n unshare_nsproxy_namespaces (kernel/nsproxy.c:218 (discriminator 4))\r\n ksys_unshare (kernel/fork.c:3123)\r\n __x64_sys_unshare (kernel/fork.c:3190)\r\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\r\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\r\n \u003c/TASK\u003e\r\n\r\n[1]:\r\nremove_proc_entry: removing non-empty directory \u0027net/rpc\u0027, leaking at least \u0027nfs\u0027\r\n WARNING: CPU: 1 PID: 6120 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\r\nModules linked in:\r\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\r\n RIP: 0010:remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\r\nCode: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 40 ba a2 8b 48 c7 c7 60 b9 a2 8b e8 33 81 1d ff 90 \u003c0f\u003e 0b 90 90 e9 5f fe ff ff e8 04 69 5e ff 90 48 b8 00 00 00 00 00\r\nRSP: 0018:ffffc90003637b08 EFLAGS: 00010282\r\nRAX: 0000000000000000 RBX: ffff88805f534140 RCX: ffffffff817a92c8\r\nRDX: ffff88807da99e00 RSI: ffffffff817a92d5 RDI: 0000000000000001\r\nRBP: ffff888033431ac0 R08: 0000000000000001 R09: 0000000000000000\r\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888033431a00\r\nR13: ffff888033431ae4 R14: ffff888033184724 R15: dffffc0000000000\r\nFS: 0000555580328500(0000) GS:ffff888124a62000(0000) knlGS:0000000000000000\r\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\nCR2: 00007f71733743e0 CR3: 000000007f618000 CR4: 00000000003526f0\r\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\r\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\r\nCall Trace:\r\n \u003cTASK\u003e\r\n sunrpc_exit_net+0x46/0x90 net/sunrpc/sunrpc_syms.c:76\r\n ops_exit_list net/core/net_namespace.c:200 [inline]\r\n ops_undo_list+0x2eb/0xab0 net/core/net_namespace.c:253\r\n setup_net+0x2e1/0x510 net/core/net_namespace.c:457\r\n copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:574\r\n create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110\r\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218\r\n ksys_unshare+0x45b/0xa40 kernel/fork.c:3121\r\n __do_sys_unshare kernel/fork.c:3192 [inline]\r\n __se_sys_unshare kernel/fork.c:3190 [inline]\r\n __x64_sys_unshare+0x31/0x40 kernel/fork.c:3190\r\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\r\n do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\nRIP: 0033:0x7fa1a6b8e929\r\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38400"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38400"
},
{
"cve": "CVE-2025-38430",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfsd: nfsd4_spo_must_allow() must check this is a v4 compound request\r\n\r\nIf the request being processed is not a v4 compound request, then\r\nexamining the cstate can have undefined results.\r\n\r\nThis patch adds a check that the rpc procedure being executed\r\n(rq_procinfo) is the NFSPROC4_COMPOUND procedure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38430"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38430"
},
{
"cve": "CVE-2025-38451",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmd/md-bitmap: fix GPF in bitmap_get_stats()\r\n\r\nThe commit message of commit 6ec1f0239485 (\"md/md-bitmap: fix stats\r\ncollection for external bitmaps\") states:\r\n\r\n Remove the external bitmap check as the statistics should be\r\n available regardless of bitmap storage location.\r\n\r\n Return -EINVAL only for invalid bitmap with no storage (neither in\r\n superblock nor in external file).\r\n\r\nBut, the code does not adhere to the above, as it does only check for\r\na valid super-block for \"internal\" bitmaps. Hence, we observe:\r\n\r\nOops: GPF, probably for non-canonical address 0x1cd66f1f40000028\r\nRIP: 0010:bitmap_get_stats+0x45/0xd0\r\nCall Trace:\r\n\r\n seq_read_iter+0x2b9/0x46a\r\n seq_read+0x12f/0x180\r\n proc_reg_read+0x57/0xb0\r\n vfs_read+0xf6/0x380\r\n ksys_read+0x6d/0xf0\r\n do_syscall_64+0x8c/0x1b0\r\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\r\n\r\nWe fix this by checking the existence of a super-block for both the\r\ninternal and external case.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38451"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38451"
},
{
"cve": "CVE-2025-38457",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: Abort __tc_modify_qdisc if parent class does not exist\r\n\r\nLion\u0027s patch [1] revealed an ancient bug in the qdisc API.\r\nWhenever a user creates/modifies a qdisc specifying as a parent another\r\nqdisc, the qdisc API will, during grafting, detect that the user is\r\nnot trying to attach to a class and reject. However grafting is\r\nperformed after qdisc_create (and thus the qdiscs\u0027 init callback) is\r\nexecuted. In qdiscs that eventually call qdisc_tree_reduce_backlog\r\nduring init or change (such as fq, hhf, choke, etc), an issue\r\narises. For example, executing the following commands:\r\n\r\nsudo tc qdisc add dev lo root handle a: htb default 2\r\nsudo tc qdisc add dev lo parent a: handle beef fq\r\n\r\nQdiscs such as fq, hhf, choke, etc unconditionally invoke\r\nqdisc_tree_reduce_backlog() in their control path init() or change() which\r\nthen causes a failure to find the child class; however, that does not stop\r\nthe unconditional invocation of the assumed child qdisc\u0027s qlen_notify with\r\na null class. All these qdiscs make the assumption that class is non-null.\r\n\r\nThe solution is ensure that qdisc_leaf() which looks up the parent\r\nclass, and is invoked prior to qdisc_create(), should return failure on\r\nnot finding the class.\r\nIn this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the\r\nparentid doesn\u0027t correspond to a class, so that we can detect it\r\nearlier on and abort before qdisc_create is called.\r\n\r\n[1] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38457"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38457"
},
{
"cve": "CVE-2025-38465",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\r\n\r\nNetlink has this pattern in some places\r\n\r\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\r\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\r\n\r\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\r\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\r\n\r\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\r\nis always false as the two operands are of int.\r\n\r\nThen, a single socket can eat as many skb as possible until OOM\r\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\r\n\r\nLet\u0027s fix it by using atomic_add_return() and comparing the two\r\nvariables as unsigned int.\r\n\r\nBefore:\r\n [root@fedora ~]# ss -f netlink\r\n Recv-Q Send-Q Local Address:Port Peer Address:Port\r\n -1668710080 0 rtnl:nl_wraparound/293 *\r\n\r\nAfter:\r\n [root@fedora ~]# ss -f netlink\r\n Recv-Q Send-Q Local Address:Port Peer Address:Port\r\n 2147483072 0 rtnl:nl_wraparound/290 *\r\n ^\r\n `--- INT_MAX - 576",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38465"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38465"
},
{
"cve": "CVE-2025-38466",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nperf: Revert to requiring CAP_SYS_ADMIN for uprobes\r\n\r\nJann reports that uprobes can be used destructively when used in the\r\nmiddle of an instruction. The kernel only verifies there is a valid\r\ninstruction at the requested offset, but due to variable instruction\r\nlength cannot determine if this is an instruction as seen by the\r\nintended execution stream.\r\n\r\nAdditionally, Mark Rutland notes that on architectures that mix data\r\nin the text segment (like arm64), a similar things can be done if the\r\ndata word is \u0027mistaken\u0027 for an instruction.\r\n\r\nAs such, require CAP_SYS_ADMIN for uprobes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38466"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38466"
},
{
"cve": "CVE-2025-38468",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\r\n\r\nhtb_lookup_leaf has a BUG_ON that can trigger with the following:\r\n\r\ntc qdisc del dev lo root\r\ntc qdisc add dev lo root handle 1: htb default 1\r\ntc class add dev lo parent 1: classid 1:1 htb rate 64bit\r\ntc qdisc add dev lo parent 1:1 handle 2: netem\r\ntc qdisc add dev lo parent 2:1 handle 3: blackhole\r\nping -I lo -c1 -W0.001 127.0.0.1\r\n\r\nThe root cause is the following:\r\n\r\n1. htb_dequeue calls htb_dequeue_tree which calls the dequeue handler on\r\n the selected leaf qdisc\r\n2. netem_dequeue calls enqueue on the child qdisc\r\n3. blackhole_enqueue drops the packet and returns a value that is not\r\n just NET_XMIT_SUCCESS\r\n4. Because of this, netem_dequeue calls qdisc_tree_reduce_backlog, and\r\n since qlen is now 0, it calls htb_qlen_notify -\u003e htb_deactivate -\u003e\r\n htb_deactiviate_prios -\u003e htb_remove_class_from_row -\u003e htb_safe_rb_erase\r\n5. As this is the only class in the selected hprio rbtree,\r\n __rb_change_child in __rb_erase_augmented sets the rb_root pointer to\r\n NULL\r\n6. Because blackhole_dequeue returns NULL, netem_dequeue returns NULL,\r\n which causes htb_dequeue_tree to call htb_lookup_leaf with the same\r\n hprio rbtree, and fail the BUG_ON\r\n\r\nThe function graph for this scenario is shown here:\r\n 0) | htb_enqueue() {\r\n 0) + 13.635 us | netem_enqueue();\r\n 0) 4.719 us | htb_activate_prios();\r\n 0) # 2249.199 us | }\r\n 0) | htb_dequeue() {\r\n 0) 2.355 us | htb_lookup_leaf();\r\n 0) | netem_dequeue() {\r\n 0) + 11.061 us | blackhole_enqueue();\r\n 0) | qdisc_tree_reduce_backlog() {\r\n 0) | qdisc_lookup_rcu() {\r\n 0) 1.873 us | qdisc_match_from_root();\r\n 0) 6.292 us | }\r\n 0) 1.894 us | htb_search();\r\n 0) | htb_qlen_notify() {\r\n 0) 2.655 us | htb_deactivate_prios();\r\n 0) 6.933 us | }\r\n 0) + 25.227 us | }\r\n 0) 1.983 us | blackhole_dequeue();\r\n 0) + 86.553 us | }\r\n 0) # 2932.761 us | qdisc_warn_nonwc();\r\n 0) | htb_lookup_leaf() {\r\n 0) | BUG_ON();\r\n ------------------------------------------\r\n\r\nThe full original bug report can be seen here [1].\r\n\r\nWe can fix this just by returning NULL instead of the BUG_ON,\r\nas htb_dequeue_tree returns NULL when htb_lookup_leaf returns\r\nNULL.\r\n\r\n[1] https://lore.kernel.org/netdev/pF5XOOIim0IuEfhI-SOxTgRvNoDwuux7UHKnE_Y5-zVd4wmGvNk2ceHjKb8ORnzw0cGwfmVu42g9dL7XyJLf1NEzaztboTWcm0Ogxuojoeo=@willsroot.io/",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38468"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38468"
},
{
"cve": "CVE-2025-38470",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime\r\n\r\nAssuming the \"rx-vlan-filter\" feature is enabled on a net device, the\r\n8021q module will automatically add or remove VLAN 0 when the net device\r\nis put administratively up or down, respectively. There are a couple of\r\nproblems with the above scheme.\r\n\r\nThe first problem is a memory leak that can happen if the \"rx-vlan-filter\"\r\nfeature is disabled while the device is running:\r\n\r\n # ip link add bond1 up type bond mode 0\r\n # ethtool -K bond1 rx-vlan-filter off\r\n # ip link del dev bond1\r\n\r\nWhen the device is put administratively down the \"rx-vlan-filter\"\r\nfeature is disabled, so the 8021q module will not remove VLAN 0 and the\r\nmemory will be leaked [1].\r\n\r\nAnother problem that can happen is that the kernel can automatically\r\ndelete VLAN 0 when the device is put administratively down despite not\r\nadding it when the device was put administratively up since during that\r\ntime the \"rx-vlan-filter\" feature was disabled. null-ptr-unref or\r\nbug_on[2] will be triggered by unregister_vlan_dev() for refcount\r\nimbalance if toggling filtering during runtime:\r\n\r\n$ ip link add bond0 type bond mode 0\r\n$ ip link add link bond0 name vlan0 type vlan id 0 protocol 802.1q\r\n$ ethtool -K bond0 rx-vlan-filter off\r\n$ ifconfig bond0 up\r\n$ ethtool -K bond0 rx-vlan-filter on\r\n$ ifconfig bond0 down\r\n$ ip link del vlan0\r\n\r\nRoot cause is as below:\r\nstep1: add vlan0 for real_dev, such as bond, team.\r\nregister_vlan_dev\r\n vlan_vid_add(real_dev,htons(ETH_P_8021Q),0) //refcnt=1\r\nstep2: disable vlan filter feature and enable real_dev\r\nstep3: change filter from 0 to 1\r\nvlan_device_event\r\n vlan_filter_push_vids\r\n ndo_vlan_rx_add_vid //No refcnt added to real_dev vlan0\r\nstep4: real_dev down\r\nvlan_device_event\r\n vlan_vid_del(dev, htons(ETH_P_8021Q), 0); //refcnt=0\r\n vlan_info_rcu_free //free vlan0\r\nstep5: delete vlan0\r\nunregister_vlan_dev\r\n BUG_ON(!vlan_info); //vlan_info is null\r\n\r\nFix both problems by noting in the VLAN info whether VLAN 0 was\r\nautomatically added upon NETDEV_UP and based on that decide whether it\r\nshould be deleted upon NETDEV_DOWN, regardless of the state of the\r\n\"rx-vlan-filter\" feature.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38470"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38470"
},
{
"cve": "CVE-2025-38471",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntls: always refresh the queue when reading sock\r\n\r\nAfter recent changes in net-next TCP compacts skbs much more\r\naggressively. This unearthed a bug in TLS where we may try\r\nto operate on an old skb when checking if all skbs in the\r\nqueue have matching decrypt state and geometry.\r\n\r\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\r\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\r\n Read of size 4 at addr ffff888013085750 by task tls/13529\r\n\r\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\r\n Call Trace:\r\n kasan_report+0xca/0x100\r\n tls_strp_check_rcv+0x898/0x9a0 [tls]\r\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\r\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\r\n inet_recvmsg+0x1c3/0x1f0\r\n\r\nAlways reload the queue, fast path is to have the record in the queue\r\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38471"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38477",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\r\n\r\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\r\n(called during qfq_enqueue) while other threads access it\r\nconcurrently. For example, qfq_dump_class may trigger a NULL\r\ndereference, and qfq_delete_class may cause a use-after-free.\r\n\r\nThis patch addresses the issue by:\r\n\r\n1. Moved qfq_destroy_class into the critical section.\r\n\r\n2. Added sch_tree_lock protection to qfq_dump_class and\r\nqfq_dump_class_stats.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38477"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38477"
},
{
"cve": "CVE-2025-38498",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller\u0027s mount namespace. This change aligns permission checking\nwith the rest of mount(2).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38498"
},
{
"cve": "CVE-2025-38499",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\r\n\r\nWhat we want is to verify there is that clone won\u0027t expose something\r\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\r\nmay be a result of MNT_LOCKED on a child, but it may also come from\r\nlacking admin rights in the userns of the namespace mount belongs to.\r\n\r\nclone_private_mnt() checks the former, but not the latter.\r\n\r\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\r\nuserns during the mount, especially with the new mount API; they serve\r\ndifferent purposes and in case of clone_private_mnt() they usually,\r\nbut not always end up covering the missing check mentioned above.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38499"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38614",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: Fix semi-unbounded recursion\n\nEnsure that epoll instances can never form a graph deeper than\nEP_MAX_NESTS+1 links.\n\nCurrently, ep_loop_check_proc() ensures that the graph is loop-free and\ndoes some recursion depth checks, but those recursion depth checks don\u0027t\nlimit the depth of the resulting tree for two reasons:\n\n - They don\u0027t look upwards in the tree.\n - If there are multiple downwards paths of different lengths, only one of\n the paths is actually considered for the depth check since commit\n 28d82dc1c4ed (\"epoll: limit paths\").\n\nEssentially, the current recursion depth check in ep_loop_check_proc() just\nserves to prevent it from recursing too deeply while checking for loops.\n\nA more thorough check is done in reverse_path_check() after the new graph\nedge has already been created; this checks, among other things, that no\npaths going upwards from any non-epoll file with a length of more than 5\nedges exist. However, this check does not apply to non-epoll files.\n\nAs a result, it is possible to recurse to a depth of at least roughly 500,\ntested on v6.15. (I am unsure if deeper recursion is possible; and this may\nhave changed with commit 8c44dac8add7 (\"eventpoll: Fix priority inversion\nproblem\").)\n\nTo fix it:\n\n1. In ep_loop_check_proc(), note the subtree depth of each visited node,\nand use subtree depths for the total depth calculation even when a subtree\nhas already been visited.\n2. Add ep_get_upwards_depth_proc() for similarly determining the maximum\ndepth of an upwards walk.\n3. In ep_loop_check(), use these values to limit the total path length\nbetween epoll nodes to EP_MAX_NESTS edges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38614"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38614"
},
{
"cve": "CVE-2025-38685",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix vmalloc out-of-bounds write in fast_imageblit\n\nThis issue triggers when a userspace program does an ioctl\nFBIOPUT_CON2FBMAP by passing console number and frame buffer number.\nIdeally this maps console to frame buffer and updates the screen if\nconsole is visible.\n\nAs part of mapping it has to do resize of console according to frame\nbuffer info. if this resize fails and returns from vc_do_resize() and\ncontinues further. At this point console and new frame buffer are mapped\nand sets display vars. Despite failure still it continue to proceed\nupdating the screen at later stages where vc_data is related to previous\nframe buffer and frame buffer info and display vars are mapped to new\nframe buffer and eventully leading to out-of-bounds write in\nfast_imageblit(). This bheviour is excepted only when fg_console is\nequal to requested console which is a visible console and updates screen\nwith invalid struct references in fbcon_putcs().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38685"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38685"
},
{
"cve": "CVE-2025-38691",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npNFS: Fix uninited ptr deref in block/scsi layout\n\nThe error occurs on the third attempt to encode extents. When function\next_tree_prepare_commit() reallocates a larger buffer to retry encoding\nextents, the \"layoutupdate_pages\" page array is initialized only after the\nretry loop. But ext_tree_free_commitdata() is called on every iteration\nand tries to put pages in the array, thus dereferencing uninitialized\npointers.\n\nAn additional problem is that there is no limit on the maximum possible\nbuffer_size. When there are too many extents, the client may create a\nlayoutcommit that is larger than the maximum possible RPC size accepted\nby the server.\n\nDuring testing, we observed two typical scenarios. First, one memory page\nfor extents is enough when we work with small files, append data to the\nend of the file, or preallocate extents before writing. But when we fill\na new large file without preallocating, the number of extents can be huge,\nand counting the number of written extents in ext_tree_encode_commit()\ndoes not help much. Since this number increases even more between\nunlocking and locking of ext_tree, the reallocated buffer may not be\nlarge enough again and again.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38691"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/908.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38691"
},
{
"cve": "CVE-2025-38701",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: do not BUG when INLINE_DATA_FL lacks system.data xattr\n\nA syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data()\nwhen an inode had the INLINE_DATA_FL flag set but was missing the\nsystem.data extended attribute.\n\nSince this can happen due to a maiciouly fuzzed file system, we\nshouldn\u0027t BUG, but rather, report it as a corrupted file system.\n\nAdd similar replacements of BUG_ON with EXT4_ERROR_INODE() ii\next4_create_inline_data() and ext4_inline_data_truncate().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38701"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/617.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38701"
},
{
"cve": "CVE-2025-38702",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fix potential buffer overflow in do_register_framebuffer()\n\nThe current implementation may lead to buffer overflow when:\n1. Unregistration creates NULL gaps in registered_fb[]\n2. All array slots become occupied despite num_registered_fb \u003c FB_MAX\n3. The registration loop exceeds array bounds\n\nAdd boundary check to prevent registered_fb[FB_MAX] access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38702"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38702"
},
{
"cve": "CVE-2025-38708",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: add missing kref_get in handle_write_conflicts\n\nWith `two-primaries` enabled, DRBD tries to detect \"concurrent\" writes\nand handle write conflicts, so that even if you write to the same sector\nsimultaneously on both nodes, they end up with the identical data once\nthe writes are completed.\n\nIn handling \"superseeded\" writes, we forgot a kref_get,\nresulting in a premature drbd_destroy_device and use after free,\nand further to kernel crashes with symptoms.\n\nRelevance: No one should use DRBD as a random data generator, and apparently\nall users of \"two-primaries\" handle concurrent writes correctly on layer up.\nThat is cluster file systems use some distributed lock manager,\nand live migration in virtualization environments stops writes on one node\nbefore starting writes on the other node.\n\nWhich means that other than for \"test cases\",\nthis code path is never taken in real life.\n\nFYI, in DRBD 9, things are handled differently nowadays. We still detect\n\"write conflicts\", but no longer try to be smart about them.\nWe decided to disconnect hard instead: upper layers must not submit concurrent\nwrites. If they do, that\u0027s their fault.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38708"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38708"
},
{
"cve": "CVE-2025-38721",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: fix refcount leak on table dump\n\nThere is a reference count leak in ctnetlink_dump_table():\n if (res \u003c 0) {\n nf_conntrack_get(\u0026ct-\u003ect_general); // HERE\n cb-\u003eargs[1] = (unsigned long)ct;\n ...\n\nWhile its very unlikely, its possible that ct == last.\nIf this happens, then the refcount of ct was already incremented.\nThis 2nd increment is never undone.\n\nThis prevents the conntrack object from being released, which in turn\nkeeps prevents cnet-\u003ecount from dropping back to 0.\n\nThis will then block the netns dismantle (or conntrack rmmod) as\nnf_conntrack_cleanup_net_list() will wait forever.\n\nThis can be reproduced by running conntrack_resize.sh selftest in a loop.\nIt takes ~20 minutes for me on a preemptible kernel on average before\nI see a runaway kworker spinning in nf_conntrack_cleanup_net_list.\n\nOne fix would to change this to:\n if (res \u003c 0) {\n\t\tif (ct != last)\n\t nf_conntrack_get(\u0026ct-\u003ect_general);\n\nBut this reference counting isn\u0027t needed in the first place.\nWe can just store a cookie value instead.\n\nA followup patch will do the same for ctnetlink_exp_dump_table,\nit looks to me as if this has the same problem and like\nctnetlink_dump_table, we only need a \u0027skip hint\u0027, not the actual\nobject so we can apply the same cookie strategy there as well.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38721"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/772.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38721"
},
{
"cve": "CVE-2025-38724",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()\n\nLei Lu recently reported that nfsd4_setclientid_confirm() did not check\nthe return value from get_client_locked(). a SETCLIENTID_CONFIRM could\nrace with a confirmed client expiring and fail to get a reference. That\ncould later lead to a UAF.\n\nFix this by getting a reference early in the case where there is an\nextant confirmed client. If that fails then treat it as if there were no\nconfirmed client found at all.\n\nIn the case where the unconfirmed client is expiring, just fail and\nreturn the result from get_client_locked().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38724"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38724"
},
{
"cve": "CVE-2025-38727",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: avoid infinite retry looping in netlink_unicast()\n\nnetlink_attachskb() checks for the socket\u0027s read memory allocation\nconstraints. Firstly, it has:\n\n rmem \u003c READ_ONCE(sk-\u003esk_rcvbuf)\n\nto check if the just increased rmem value fits into the socket\u0027s receive\nbuffer. If not, it proceeds and tries to wait for the memory under:\n\n rmem + skb-\u003etruesize \u003e READ_ONCE(sk-\u003esk_rcvbuf)\n\nThe checks don\u0027t cover the case when skb-\u003etruesize + sk-\u003esk_rmem_alloc is\nequal to sk-\u003esk_rcvbuf. Thus the function neither successfully accepts\nthese conditions, nor manages to reschedule the task - and is called in\nretry loop for indefinite time which is caught as:\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212\n (t=26000 jiffies g=230833 q=259957)\n NMI backtrace for cpu 0\n CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014\n Call Trace:\n \u003cIRQ\u003e\n dump_stack lib/dump_stack.c:120\n nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105\n nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62\n rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335\n rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590\n update_process_times kernel/time/timer.c:1953\n tick_sched_handle kernel/time/tick-sched.c:227\n tick_sched_timer kernel/time/tick-sched.c:1399\n __hrtimer_run_queues kernel/time/hrtimer.c:1652\n hrtimer_interrupt kernel/time/hrtimer.c:1717\n __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113\n asm_call_irq_on_stack arch/x86/entry/entry_64.S:808\n \u003c/IRQ\u003e\n\n netlink_attachskb net/netlink/af_netlink.c:1234\n netlink_unicast net/netlink/af_netlink.c:1349\n kauditd_send_queue kernel/audit.c:776\n kauditd_thread kernel/audit.c:897\n kthread kernel/kthread.c:328\n ret_from_fork arch/x86/entry/entry_64.S:304\n\nRestore the original behavior of the check which commit in Fixes\naccidentally missed when restructuring the code.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38727"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/835.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38727"
},
{
"cve": "CVE-2025-39683",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39683"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39689",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Also allocate and copy hash for reading of filter files\n\nCurrently the reader of set_ftrace_filter and set_ftrace_notrace just adds\nthe pointer to the global tracer hash to its iterator. Unlike the writer\nthat allocates a copy of the hash, the reader keeps the pointer to the\nfilter hashes. This is problematic because this pointer is static across\nfunction calls that release the locks that can update the global tracer\nhashes. This can cause UAF and similar bugs.\n\nAllocate and copy the hash for reading the filter files like it is done\nfor the writers. This not only fixes UAF bugs, but also makes the code a\nbit simpler as it doesn\u0027t have to differentiate when to free the\niterator\u0027s hash between writers and readers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39689"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39689"
},
{
"cve": "CVE-2025-39697",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39697"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39724",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: fix panic due to PSLVERR\n\nWhen the PSLVERR_RESP_EN parameter is set to 1, the device generates\nan error response if an attempt is made to read an empty RBR (Receive\nBuffer Register) while the FIFO is enabled.\n\nIn serial8250_do_startup(), calling serial_port_out(port, UART_LCR,\nUART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes\ndw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter\nfunction enables the FIFO via serial_out(p, UART_FCR, p-\u003efcr).\nExecution proceeds to the serial_port_in(port, UART_RX).\nThis satisfies the PSLVERR trigger condition.\n\nWhen another CPU (e.g., using printk()) is accessing the UART (UART\nis busy), the current CPU fails the check (value \u0026 ~UART_LCR_SPAR) ==\n(lcr \u0026 ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter\ndw8250_force_idle().\n\nPut serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port-\u003elock\nto fix this issue.\n\nPanic backtrace:\n[ 0.442336] Oops - unknown exception [#1]\n[ 0.442343] epc : dw8250_serial_in32+0x1e/0x4a\n[ 0.442351] ra : serial8250_do_startup+0x2c8/0x88e\n...\n[ 0.442416] console_on_rootfs+0x26/0x70",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39724"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39724"
},
{
"cve": "CVE-2025-39756",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39756"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39770",
"cwe": {
"id": "CWE-573",
"name": "Improper Following of Specification by Caller"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM\n\nWhen performing Generic Segmentation Offload (GSO) on an IPv6 packet that\ncontains extension headers, the kernel incorrectly requests checksum offload\nif the egress device only advertises NETIF_F_IPV6_CSUM feature, which has\na strict contract: it supports checksum offload only for plain TCP or UDP\nover IPv6 and explicitly does not support packets with extension headers.\nThe current GSO logic violates this contract by failing to disable the feature\nfor packets with extension headers, such as those used in GREoIPv6 tunnels.\n\nThis violation results in the device being asked to perform an operation\nit cannot support, leading to a `skb_warn_bad_offload` warning and a collapse\nof network throughput. While device TSO/USO is correctly bypassed in favor\nof software GSO for these packets, the GSO stack must be explicitly told not\nto request checksum offload.\n\nMask NETIF_F_IPV6_CSUM, NETIF_F_TSO6 and NETIF_F_GSO_UDP_L4\nin gso_features_check if the IPv6 header contains extension headers to compute\nchecksum in software.\n\nThe exception is a BIG TCP extension, which, as stated in commit\n68e068cabd2c6c53 (\"net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets\"):\n\"The feature is only enabled on devices that support BIG TCP TSO.\nThe header is only present for PF_PACKET taps like tcpdump,\nand not transmitted by physical devices.\"\n\nkernel log output (truncated):\nWARNING: CPU: 1 PID: 5273 at net/core/dev.c:3535 skb_warn_bad_offload+0x81/0x140\n...\nCall Trace:\n \u003cTASK\u003e\n skb_checksum_help+0x12a/0x1f0\n validate_xmit_skb+0x1a3/0x2d0\n validate_xmit_skb_list+0x4f/0x80\n sch_direct_xmit+0x1a2/0x380\n __dev_xmit_skb+0x242/0x670\n __dev_queue_xmit+0x3fc/0x7f0\n ip6_finish_output2+0x25e/0x5d0\n ip6_finish_output+0x1fc/0x3f0\n ip6_tnl_xmit+0x608/0xc00 [ip6_tunnel]\n ip6gre_tunnel_xmit+0x1c0/0x390 [ip6_gre]\n dev_hard_start_xmit+0x63/0x1c0\n __dev_queue_xmit+0x6d0/0x7f0\n ip6_finish_output2+0x214/0x5d0\n ip6_finish_output+0x1fc/0x3f0\n ip6_xmit+0x2ca/0x6f0\n ip6_finish_output+0x1fc/0x3f0\n ip6_xmit+0x2ca/0x6f0\n inet6_csk_xmit+0xeb/0x150\n __tcp_transmit_skb+0x555/0xa80\n tcp_write_xmit+0x32a/0xe90\n tcp_sendmsg_locked+0x437/0x1110\n tcp_sendmsg+0x2f/0x50\n...\nskb linear: 00000000: e4 3d 1a 7d ec 30 e4 3d 1a 7e 5d 90 86 dd 60 0e\nskb linear: 00000010: 00 0a 1b 34 3c 40 20 11 00 00 00 00 00 00 00 00\nskb linear: 00000020: 00 00 00 00 00 12 20 11 00 00 00 00 00 00 00 00\nskb linear: 00000030: 00 00 00 00 00 11 2f 00 04 01 04 01 01 00 00 00\nskb linear: 00000040: 86 dd 60 0e 00 0a 1b 00 06 40 20 23 00 00 00 00\nskb linear: 00000050: 00 00 00 00 00 00 00 00 00 12 20 23 00 00 00 00\nskb linear: 00000060: 00 00 00 00 00 00 00 00 00 11 bf 96 14 51 13 f9\nskb linear: 00000070: ae 27 a0 a8 2b e3 80 18 00 40 5b 6f 00 00 01 01\nskb linear: 00000080: 08 0a 42 d4 50 d5 4b 70 f8 1a",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39770"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/573.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39770"
},
{
"cve": "CVE-2025-39773",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix soft lockup in br_multicast_query_expired()\n\nWhen set multicast_query_interval to a large value, the local variable\n\u0027time\u0027 in br_multicast_send_query() may overflow. If the time is smaller\nthan jiffies, the timer will expire immediately, and then call mod_timer()\nagain, which creates a loop and may trigger the following soft lockup\nissue.\n\n watchdog: BUG: soft lockup - CPU#1 stuck for 221s! [rb_consumer:66]\n CPU: 1 UID: 0 PID: 66 Comm: rb_consumer Not tainted 6.16.0+ #259 PREEMPT(none)\n Call Trace:\n \u003cIRQ\u003e\n __netdev_alloc_skb+0x2e/0x3a0\n br_ip6_multicast_alloc_query+0x212/0x1b70\n __br_multicast_send_query+0x376/0xac0\n br_multicast_send_query+0x299/0x510\n br_multicast_query_expired.constprop.0+0x16d/0x1b0\n call_timer_fn+0x3b/0x2a0\n __run_timers+0x619/0x950\n run_timer_softirq+0x11c/0x220\n handle_softirqs+0x18e/0x560\n __irq_exit_rcu+0x158/0x1a0\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n\nThis issue can be reproduced with:\n ip link add br0 type bridge\n echo 1 \u003e /sys/class/net/br0/bridge/multicast_querier\n echo 0xffffffffffffffff \u003e\n \t/sys/class/net/br0/bridge/multicast_query_interval\n ip link set dev br0 up\n\nThe multicast_startup_query_interval can also cause this issue. Similar to\nthe commit 99b40610956a (\"net: bridge: mcast: add and enforce query\ninterval minimum\"), add check for the query interval maximum to fix this\nissue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39773"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/667.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39773"
},
{
"cve": "CVE-2025-39783",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix configfs group list head handling\n\nDoing a list_del() on the epf_group field of struct pci_epf_driver in\npci_epf_remove_cfs() is not correct as this field is a list head, not\na list entry. This list_del() call triggers a KASAN warning when an\nendpoint function driver which has a configfs attribute group is torn\ndown:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in pci_epf_remove_cfs+0x17c/0x198\nWrite of size 8 at addr ffff00010f4a0d80 by task rmmod/319\n\nCPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE\nHardware name: Radxa ROCK 5B (DT)\nCall trace:\nshow_stack+0x2c/0x84 (C)\ndump_stack_lvl+0x70/0x98\nprint_report+0x17c/0x538\nkasan_report+0xb8/0x190\n__asan_report_store8_noabort+0x20/0x2c\npci_epf_remove_cfs+0x17c/0x198\npci_epf_unregister_driver+0x18/0x30\nnvmet_pci_epf_cleanup_module+0x24/0x30 [nvmet_pci_epf]\n__arm64_sys_delete_module+0x264/0x424\ninvoke_syscall+0x70/0x260\nel0_svc_common.constprop.0+0xac/0x230\ndo_el0_svc+0x40/0x58\nel0_svc+0x48/0xdc\nel0t_64_sync_handler+0x10c/0x138\nel0t_64_sync+0x198/0x19c\n...\n\nRemove this incorrect list_del() call from pci_epf_remove_cfs().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39783"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39783"
},
{
"cve": "CVE-2025-39787",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: mdt_loader: Ensure we don\u0027t read past the ELF header\n\nWhen the MDT loader is used in remoteproc, the ELF header is sanitized\nbeforehand, but that\u0027s not necessary the case for other clients.\n\nValidate the size of the firmware buffer to ensure that we don\u0027t read\npast the end as we iterate over the header. e_phentsize and e_shentsize\nare validated as well, to ensure that the assumptions about step size in\nthe traversal are valid.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39787"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39787"
},
{
"cve": "CVE-2025-39795",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid possible overflow for chunk_sectors check in blk_stack_limits()\n\nIn blk_stack_limits(), we check that the t-\u003echunk_sectors value is a\nmultiple of the t-\u003ephysical_block_size value.\n\nHowever, by finding the chunk_sectors value in bytes, we may overflow\nthe unsigned int which holds chunk_sectors, so change the check to be\nbased on sectors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39795"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39795"
},
{
"cve": "CVE-2025-39798",
"cwe": {
"id": "CWE-273",
"name": "Improper Check for Dropped Privileges"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix the setting of capabilities when automounting a new filesystem\n\nCapabilities cannot be inherited when we cross into a new filesystem.\nThey need to be reset to the minimal defaults, and then probed for\nagain.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39798"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/273.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39798"
},
{
"cve": "CVE-2025-39866",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39866"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39929",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsmb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path\r\n\r\nDuring tests of another unrelated patch I was able to trigger this\r\nerror: Objects remaining on __kmem_cache_shutdown()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39929"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39929"
},
{
"cve": "CVE-2025-39931",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\r\n\r\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\r\na garbage value from the previous loop. This may then trigger a\r\ncrash on the next entry into af_alg_sendmsg when it attempts to do\r\na merge that can\u0027t be done.\r\n\r\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39931"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/457.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39977",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfutex: Prevent use-after-free during requeue-PI\r\n\r\nsyzbot managed to trigger the following race:\r\n\r\n T1 T2\r\n\r\n futex_wait_requeue_pi()\r\n futex_do_wait()\r\n schedule()\r\n futex_requeue()\r\n futex_proxy_trylock_atomic()\r\n futex_requeue_pi_prepare()\r\n requeue_pi_wake_futex()\r\n futex_requeue_pi_complete()\r\n /* preempt */\r\n\r\n * timeout/ signal wakes T1 *\r\n\r\n futex_requeue_pi_wakeup_sync() // Q_REQUEUE_PI_LOCKED\r\n futex_hash_put()\r\n // back to userland, on stack futex_q is garbage\r\n\r\n /* back */\r\n wake_up_state(q-\u003etask, TASK_NORMAL);\r\n\r\nIn this scenario futex_wait_requeue_pi() is able to leave without using\r\nfutex_q::lock_ptr for synchronization.\r\n\r\nThis can be prevented by reading futex_q::task before updating the\r\nfutex_q::requeue_state. A reference on the task_struct is not needed\r\nbecause requeue_pi_wake_futex() is invoked with a spinlock_t held which\r\nimplies a RCU read section.\r\n\r\nEven if T1 terminates immediately after, the task_struct will remain valid\r\nduring T2\u0027s wake_up_state(). A READ_ONCE on futex_q::task before\r\nfutex_requeue_pi_complete() is enough because it ensures that the variable\r\nis read before the state is updated.\r\n\r\nRead futex_q::task before updating the requeue state, use it for the\r\nfollowing wakeup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39977"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39977"
},
{
"cve": "CVE-2025-40022",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncrypto: af_alg - Fix incorrect boolean values in af_alg_ctx\r\n\r\nCommit 1b34cbbf4f01 (\"crypto: af_alg - Disallow concurrent writes in\r\naf_alg_sendmsg\") changed some fields from bool to 1-bit bitfields of\r\ntype u32.\r\n\r\nHowever, some assignments to these fields, specifically \u0027more\u0027 and\r\n\u0027merge\u0027, assign values greater than 1. These relied on C\u0027s implicit\r\nconversion to bool, such that zero becomes false and nonzero becomes\r\ntrue.\r\n\r\nWith a 1-bit bitfields of type u32 instead, mod 2 of the value is taken\r\ninstead, resulting in 0 being assigned in some cases when 1 was intended.\r\n\r\nFix this by restoring the bool type.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40022"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/704.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-40022"
},
{
"cve": "CVE-2025-46836",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46836"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-46836"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-66382",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/407.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-66382"
},
{
"cve": "CVE-2026-31431",
"cwe": {
"id": "CWE-669",
"name": "Incorrect Resource Transfer Between Spheres"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings. Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.",
"title": "Summary"
},
{
"category": "summary",
"text": "In the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5, a security vulnerability has been identified in the Linux kernel that could potentially allow an authorized local attacker to gain elevated system privileges.",
"title": "For SIMATIC S7-1500 CPU 1518-4 PN/DP MFP"
},
{
"category": "summary",
"text": "In the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5, a security vulnerability has been identified in the Linux kernel that could potentially allow an authorized local attacker to gain elevated system privileges.",
"title": "For SIMATIC S7-1500 CPU 1518-4 PN/DP MFP"
},
{
"category": "summary",
"text": "In the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5, a security vulnerability has been identified in the Linux kernel that could potentially allow an authorized local attacker to gain elevated system privileges.",
"title": "For SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP"
},
{
"category": "summary",
"text": "In the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5, a security vulnerability has been identified in the Linux kernel that could potentially allow an authorized local attacker to gain elevated system privileges.",
"title": "For SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP"
},
{
"category": "summary",
"text": "In the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5, a security vulnerability has been identified in the Linux kernel that could potentially allow an authorized local attacker to gain elevated system privileges.",
"title": "For SIPLUS S7-1500 CPU 1518-4 PN/DP MFP"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31431"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/669.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
},
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
},
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
},
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0004"
]
},
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005"
]
}
],
"title": "CVE-2026-31431"
}
]
}
MSRC_CVE-2023-48795
Vulnerability from csaf_microsoft - Published: 2023-12-01 08:00 - Updated: 2026-02-18 15:07Summary
The SSH transport protocol with certain OpenSSH extensions found in OpenSSH before 9.6 and other products allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message) and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP) implemented by these extensions mishandles the handshake phase and mishandles use of sequence numbers. For example there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT Dropbear through 2022.83 Ssh before 5.1.1 in Erlang/OTP PuTTY before 0.80 AsyncSSH before 2.14.2 golang.org/x/crypto before 0.17.0 libssh before 0.10.6 libssh2
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
5.9 (Medium)
Affected products
Fixed
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 18085-17084 | — | ||
| Unresolved product id: 19339-17084 | — | ||
| Unresolved product id: 20073-17084 | — | ||
| Unresolved product id: 18199-17086 | — | ||
| Unresolved product id: 18200-17086 | — | ||
| Unresolved product id: 18201-17086 | — | ||
| Unresolved product id: 18130-17086 | — | ||
| Unresolved product id: 17414-17086 | — | ||
| Unresolved product id: 18202-17086 | — | ||
| Unresolved product id: 18203-17086 | — | ||
| Unresolved product id: 18204-17086 | — | ||
| Unresolved product id: 18205-17086 | — | ||
| Unresolved product id: 18206-17086 | — | ||
| Unresolved product id: 18207-17086 | — | ||
| Unresolved product id: 18208-17086 | — | ||
| Unresolved product id: 18209-17086 | — | ||
| Unresolved product id: 18210-17086 | — | ||
| Unresolved product id: 18211-17084 | — | ||
| Unresolved product id: 17801-17084 | — | ||
| Unresolved product id: 18041-17084 | — | ||
| Unresolved product id: 18212-17084 | — | ||
| Unresolved product id: 18213-17084 | — | ||
| Unresolved product id: 18214-17084 | — | ||
| Unresolved product id: 18215-17084 | — | ||
| Unresolved product id: 17753-17084 | — | ||
| Unresolved product id: 18216-17084 | — | ||
| Unresolved product id: 18217-17084 | — | ||
| Unresolved product id: 17766-17084 | — | ||
| Unresolved product id: 19863-17084 | — | ||
| Unresolved product id: 19605-17084 | — | ||
| Unresolved product id: 19986-17084 | — | ||
| Unresolved product id: 19453-17084 | — | ||
| Unresolved product id: 19962-17084 | — | ||
| Unresolved product id: 19808-17084 | — | ||
| Unresolved product id: 18082-17084 | — |
Known affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-30 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-9 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-1 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-28 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-27 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-26 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-29 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-38 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-25 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-23 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-21 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-20 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-19 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-18 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-17 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-16 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-33 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-32 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-15 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-13 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-36 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-35 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-7 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-2 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-5 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-31 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-6 | — | ||
| Unresolved product id: 17084-34 | — | ||
| Unresolved product id: 17084-37 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795 The SSH transport protocol with certain OpenSSH extensions found in OpenSSH before 9.6 and other products allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message) and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP) implemented by these extensions mishandles the handshake phase and mishandles use of sequence numbers. For example there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT Dropbear through 2022.83 Ssh before 5.1.1 in Erlang/OTP PuTTY before 0.80 AsyncSSH before 2.14.2 golang.org/x/crypto before 0.17.0 libssh before 0.10.6 libssh2 - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-48795.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "The SSH transport protocol with certain OpenSSH extensions found in OpenSSH before 9.6 and other products allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message) and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP) implemented by these extensions mishandles the handshake phase and mishandles use of sequence numbers. For example there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT Dropbear through 2022.83 Ssh before 5.1.1 in Erlang/OTP PuTTY before 0.80 AsyncSSH before 2.14.2 golang.org/x/crypto before 0.17.0 libssh before 0.10.6 libssh2 ",
"tracking": {
"current_release_date": "2026-02-18T15:07:55.000Z",
"generator": {
"date": "2026-02-21T05:07:13.816Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-48795",
"initial_release_date": "2023-12-01T08:00:00.000Z",
"revision_history": [
{
"date": "2023-12-25T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2023-12-27T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added moby-cli to CBL-Mariner 2.0"
},
{
"date": "2024-06-30T07:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
},
{
"date": "2024-08-16T00:00:00.000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Information published."
},
{
"date": "2024-08-25T00:00:00.000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Information published."
},
{
"date": "2024-08-26T00:00:00.000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Information published."
},
{
"date": "2024-08-27T00:00:00.000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Information published."
},
{
"date": "2024-08-28T00:00:00.000Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Information published."
},
{
"date": "2024-08-29T00:00:00.000Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Information published."
},
{
"date": "2024-08-30T00:00:00.000Z",
"legacy_version": "1.9",
"number": "10",
"summary": "Information published."
},
{
"date": "2024-08-31T00:00:00.000Z",
"legacy_version": "2",
"number": "11",
"summary": "Information published."
},
{
"date": "2024-09-01T00:00:00.000Z",
"legacy_version": "2.1",
"number": "12",
"summary": "Information published."
},
{
"date": "2024-09-02T00:00:00.000Z",
"legacy_version": "2.2",
"number": "13",
"summary": "Information published."
},
{
"date": "2024-09-03T00:00:00.000Z",
"legacy_version": "2.3",
"number": "14",
"summary": "Information published."
},
{
"date": "2024-09-05T00:00:00.000Z",
"legacy_version": "2.4",
"number": "15",
"summary": "Information published."
},
{
"date": "2024-09-06T00:00:00.000Z",
"legacy_version": "2.5",
"number": "16",
"summary": "Information published."
},
{
"date": "2024-09-07T00:00:00.000Z",
"legacy_version": "2.6",
"number": "17",
"summary": "Information published."
},
{
"date": "2024-09-08T00:00:00.000Z",
"legacy_version": "2.7",
"number": "18",
"summary": "Information published."
},
{
"date": "2024-09-11T00:00:00.000Z",
"legacy_version": "2.8",
"number": "19",
"summary": "Information published."
},
{
"date": "2024-11-09T00:00:00.000Z",
"legacy_version": "2.9",
"number": "20",
"summary": "Added kubevirt to Azure Linux 3.0\nAdded cert-manager to Azure Linux 3.0\nAdded packer to Azure Linux 3.0\nAdded kubernetes to Azure Linux 3.0\nAdded docker-buildx to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0\nAdded moby-compose to CBL-Mariner 2.0\nAdded packer to CBL-Mariner 2.0\nAdded kubernetes to CBL-Mariner 2.0\nAdded telegraf to CBL-Mariner 2.0\nAdded cert-manager to CBL-Mariner 2.0\nAdded erlang to CBL-Mariner 2.0\nAdded libssh2 to CBL-Mariner 2.0\nAdded moby-cli to CBL-Mariner 2.0\nAdded openssh to CBL-Mariner 2.0\nAdded libssh to CBL-Mariner 2.0"
},
{
"date": "2025-03-13T00:00:00.000Z",
"legacy_version": "3",
"number": "21",
"summary": "Added cf-cli to Azure Linux 3.0\nAdded node-problem-detector to Azure Linux 3.0\nAdded kubevirt to Azure Linux 3.0\nAdded cert-manager to Azure Linux 3.0\nAdded packer to Azure Linux 3.0\nAdded kubernetes to Azure Linux 3.0\nAdded docker-buildx to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0\nAdded moby-compose to CBL-Mariner 2.0\nAdded packer to CBL-Mariner 2.0\nAdded kubernetes to CBL-Mariner 2.0\nAdded telegraf to CBL-Mariner 2.0\nAdded cert-manager to CBL-Mariner 2.0\nAdded erlang to CBL-Mariner 2.0\nAdded libssh2 to CBL-Mariner 2.0\nAdded moby-cli to CBL-Mariner 2.0\nAdded openssh to CBL-Mariner 2.0\nAdded libssh to CBL-Mariner 2.0"
},
{
"date": "2025-03-27T00:00:00.000Z",
"legacy_version": "3.1",
"number": "22",
"summary": "Added libssh to Azure Linux 3.0\nAdded cf-cli to Azure Linux 3.0\nAdded node-problem-detector to Azure Linux 3.0\nAdded kubevirt to Azure Linux 3.0\nAdded cert-manager to Azure Linux 3.0\nAdded packer to Azure Linux 3.0\nAdded kubernetes to Azure Linux 3.0\nAdded docker-buildx to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0\nAdded moby-compose to CBL-Mariner 2.0\nAdded packer to CBL-Mariner 2.0\nAdded kubernetes to CBL-Mariner 2.0\nAdded telegraf to CBL-Mariner 2.0\nAdded cert-manager to CBL-Mariner 2.0\nAdded erlang to CBL-Mariner 2.0\nAdded libssh2 to CBL-Mariner 2.0\nAdded moby-cli to CBL-Mariner 2.0\nAdded openssh to CBL-Mariner 2.0\nAdded libssh to CBL-Mariner 2.0"
},
{
"date": "2025-04-08T00:00:00.000Z",
"legacy_version": "3.2",
"number": "23",
"summary": "Added kubevirt to CBL-Mariner 2.0\nAdded terraform to CBL-Mariner 2.0\nAdded moby-compose to CBL-Mariner 2.0\nAdded packer to CBL-Mariner 2.0\nAdded kubernetes to CBL-Mariner 2.0\nAdded telegraf to CBL-Mariner 2.0\nAdded cert-manager to CBL-Mariner 2.0\nAdded erlang to CBL-Mariner 2.0\nAdded libssh2 to CBL-Mariner 2.0\nAdded moby-cli to CBL-Mariner 2.0\nAdded openssh to CBL-Mariner 2.0\nAdded libssh to CBL-Mariner 2.0\nAdded libssh to Azure Linux 3.0\nAdded cf-cli to Azure Linux 3.0\nAdded node-problem-detector to Azure Linux 3.0\nAdded kubevirt to Azure Linux 3.0\nAdded cert-manager to Azure Linux 3.0\nAdded packer to Azure Linux 3.0\nAdded kubernetes to Azure Linux 3.0\nAdded docker-buildx to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0"
},
{
"date": "2025-04-12T00:00:00.000Z",
"legacy_version": "3.3",
"number": "24",
"summary": "Added libssh2 to Azure Linux 3.0\nAdded libssh to Azure Linux 3.0\nAdded cf-cli to Azure Linux 3.0\nAdded node-problem-detector to Azure Linux 3.0\nAdded kubevirt to Azure Linux 3.0\nAdded cert-manager to Azure Linux 3.0\nAdded packer to Azure Linux 3.0\nAdded kubernetes to Azure Linux 3.0\nAdded docker-buildx to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0\nAdded kubevirt to CBL-Mariner 2.0\nAdded terraform to CBL-Mariner 2.0\nAdded moby-compose to CBL-Mariner 2.0\nAdded packer to CBL-Mariner 2.0\nAdded kubernetes to CBL-Mariner 2.0\nAdded telegraf to CBL-Mariner 2.0\nAdded cert-manager to CBL-Mariner 2.0\nAdded erlang to CBL-Mariner 2.0\nAdded libssh2 to CBL-Mariner 2.0\nAdded moby-cli to CBL-Mariner 2.0\nAdded openssh to CBL-Mariner 2.0\nAdded libssh to CBL-Mariner 2.0"
},
{
"date": "2026-02-18T15:07:55.000Z",
"legacy_version": "3.4",
"number": "25",
"summary": "Information published."
}
],
"status": "final",
"version": "25"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 cf-cli 8.7.3-6",
"product": {
"name": "\u003cazl3 cf-cli 8.7.3-6",
"product_id": "30"
}
},
{
"category": "product_version",
"name": "azl3 cf-cli 8.7.3-6",
"product": {
"name": "azl3 cf-cli 8.7.3-6",
"product_id": "18085"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 cf-cli 8.7.11-1",
"product": {
"name": "\u003cazl3 cf-cli 8.7.11-1",
"product_id": "10"
}
},
{
"category": "product_version",
"name": "azl3 cf-cli 8.7.11-1",
"product": {
"name": "azl3 cf-cli 8.7.11-1",
"product_id": "18217"
}
}
],
"category": "product_name",
"name": "cf-cli"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 kubevirt 1.2.0-17",
"product": {
"name": "\u003cazl3 kubevirt 1.2.0-17",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "azl3 kubevirt 1.2.0-17",
"product": {
"name": "azl3 kubevirt 1.2.0-17",
"product_id": "19339"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 kubevirt 0.59.0-26",
"product": {
"name": "\u003ccbl2 kubevirt 0.59.0-26",
"product_id": "24"
}
},
{
"category": "product_version",
"name": "cbl2 kubevirt 0.59.0-26",
"product": {
"name": "cbl2 kubevirt 0.59.0-26",
"product_id": "18203"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 kubevirt 1.2.0-9",
"product": {
"name": "\u003cazl3 kubevirt 1.2.0-9",
"product_id": "12"
}
},
{
"category": "product_version",
"name": "azl3 kubevirt 1.2.0-9",
"product": {
"name": "azl3 kubevirt 1.2.0-9",
"product_id": "18215"
}
}
],
"category": "product_name",
"name": "kubevirt"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 libssh 0.10.5-2",
"product": {
"name": "\u003cazl3 libssh 0.10.5-2",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 libssh 0.10.5-2",
"product": {
"name": "azl3 libssh 0.10.5-2",
"product_id": "20073"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 libssh 0.10.6-1",
"product": {
"name": "\u003ccbl2 libssh 0.10.6-1",
"product_id": "19"
}
},
{
"category": "product_version",
"name": "cbl2 libssh 0.10.6-1",
"product": {
"name": "cbl2 libssh 0.10.6-1",
"product_id": "18208"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 libssh 0.10.6-1",
"product": {
"name": "\u003cazl3 libssh 0.10.6-1",
"product_id": "13"
}
},
{
"category": "product_version",
"name": "azl3 libssh 0.10.6-1",
"product": {
"name": "azl3 libssh 0.10.6-1",
"product_id": "18214"
}
}
],
"category": "product_name",
"name": "libssh"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 moby-engine 20.10.27-1",
"product": {
"name": "\u003ccbl2 moby-engine 20.10.27-1",
"product_id": "28"
}
},
{
"category": "product_version",
"name": "cbl2 moby-engine 20.10.27-1",
"product": {
"name": "cbl2 moby-engine 20.10.27-1",
"product_id": "18199"
}
}
],
"category": "product_name",
"name": "moby-engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 jsch 0.1.55-2",
"product": {
"name": "\u003ccbl2 jsch 0.1.55-2",
"product_id": "27"
}
},
{
"category": "product_version",
"name": "cbl2 jsch 0.1.55-2",
"product": {
"name": "cbl2 jsch 0.1.55-2",
"product_id": "18200"
}
}
],
"category": "product_name",
"name": "jsch"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 terraform 1.3.2-25",
"product": {
"name": "\u003ccbl2 terraform 1.3.2-25",
"product_id": "26"
}
},
{
"category": "product_version",
"name": "cbl2 terraform 1.3.2-25",
"product": {
"name": "cbl2 terraform 1.3.2-25",
"product_id": "18201"
}
}
],
"category": "product_name",
"name": "terraform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 packer 1.9.5-3",
"product": {
"name": "\u003ccbl2 packer 1.9.5-3",
"product_id": "29"
}
},
{
"category": "product_version",
"name": "cbl2 packer 1.9.5-3",
"product": {
"name": "cbl2 packer 1.9.5-3",
"product_id": "18130"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 packer 1.9.5-1",
"product": {
"name": "\u003cazl3 packer 1.9.5-1",
"product_id": "32"
}
},
{
"category": "product_version",
"name": "azl3 packer 1.9.5-1",
"product": {
"name": "azl3 packer 1.9.5-1",
"product_id": "18041"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 packer 1.9.4-1",
"product": {
"name": "\u003cazl3 packer 1.9.4-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 packer 1.9.4-1",
"product": {
"name": "azl3 packer 1.9.4-1",
"product_id": "19962"
}
}
],
"category": "product_name",
"name": "packer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 moby-compose 2.17.3-5",
"product": {
"name": "\u003ccbl2 moby-compose 2.17.3-5",
"product_id": "38"
}
},
{
"category": "product_version",
"name": "cbl2 moby-compose 2.17.3-5",
"product": {
"name": "cbl2 moby-compose 2.17.3-5",
"product_id": "17414"
}
}
],
"category": "product_name",
"name": "moby-compose"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 moby-cli 20.10.27-2",
"product": {
"name": "\u003ccbl2 moby-cli 20.10.27-2",
"product_id": "25"
}
},
{
"category": "product_version",
"name": "cbl2 moby-cli 20.10.27-2",
"product": {
"name": "cbl2 moby-cli 20.10.27-2",
"product_id": "18202"
}
}
],
"category": "product_name",
"name": "moby-cli"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 kubernetes 1.28.4-4",
"product": {
"name": "\u003ccbl2 kubernetes 1.28.4-4",
"product_id": "23"
}
},
{
"category": "product_version",
"name": "cbl2 kubernetes 1.28.4-4",
"product": {
"name": "cbl2 kubernetes 1.28.4-4",
"product_id": "18204"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 kubernetes 1.30.1-1",
"product": {
"name": "\u003cazl3 kubernetes 1.30.1-1",
"product_id": "36"
}
},
{
"category": "product_version",
"name": "azl3 kubernetes 1.30.1-1",
"product": {
"name": "azl3 kubernetes 1.30.1-1",
"product_id": "17753"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 kubernetes 1.29.1-4",
"product": {
"name": "\u003cazl3 kubernetes 1.29.1-4",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 kubernetes 1.29.1-4",
"product": {
"name": "azl3 kubernetes 1.29.1-4",
"product_id": "19986"
}
}
],
"category": "product_name",
"name": "kubernetes"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 openssh 8.9p1-4",
"product": {
"name": "\u003ccbl2 openssh 8.9p1-4",
"product_id": "22"
}
},
{
"category": "product_version",
"name": "cbl2 openssh 8.9p1-4",
"product": {
"name": "cbl2 openssh 8.9p1-4",
"product_id": "18205"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 openssh 9.8p1-4",
"product": {
"name": "\u003cazl3 openssh 9.8p1-4",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "azl3 openssh 9.8p1-4",
"product": {
"name": "azl3 openssh 9.8p1-4",
"product_id": "19453"
}
}
],
"category": "product_name",
"name": "openssh"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 nmap 7.93-2",
"product": {
"name": "\u003ccbl2 nmap 7.93-2",
"product_id": "21"
}
},
{
"category": "product_version",
"name": "cbl2 nmap 7.93-2",
"product": {
"name": "cbl2 nmap 7.93-2",
"product_id": "18206"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 nmap 7.93-2",
"product": {
"name": "\u003cazl3 nmap 7.93-2",
"product_id": "15"
}
},
{
"category": "product_version",
"name": "azl3 nmap 7.93-2",
"product": {
"name": "azl3 nmap 7.93-2",
"product_id": "18212"
}
}
],
"category": "product_name",
"name": "nmap"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 libssh2 1.9.0-4",
"product": {
"name": "\u003ccbl2 libssh2 1.9.0-4",
"product_id": "20"
}
},
{
"category": "product_version",
"name": "cbl2 libssh2 1.9.0-4",
"product": {
"name": "cbl2 libssh2 1.9.0-4",
"product_id": "18207"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 libssh2 1.11.1-1",
"product": {
"name": "\u003cazl3 libssh2 1.11.1-1",
"product_id": "14"
}
},
{
"category": "product_version",
"name": "azl3 libssh2 1.11.1-1",
"product": {
"name": "azl3 libssh2 1.11.1-1",
"product_id": "18213"
}
}
],
"category": "product_name",
"name": "libssh2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 erlang 25.2-1",
"product": {
"name": "\u003ccbl2 erlang 25.2-1",
"product_id": "18"
}
},
{
"category": "product_version",
"name": "cbl2 erlang 25.2-1",
"product": {
"name": "cbl2 erlang 25.2-1",
"product_id": "18209"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 erlang 26.2.3-1",
"product": {
"name": "\u003cazl3 erlang 26.2.3-1",
"product_id": "11"
}
},
{
"category": "product_version",
"name": "azl3 erlang 26.2.3-1",
"product": {
"name": "azl3 erlang 26.2.3-1",
"product_id": "18216"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 erlang 26.2.5.12-1",
"product": {
"name": "\u003cazl3 erlang 26.2.5.12-1",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "azl3 erlang 26.2.5.12-1",
"product": {
"name": "azl3 erlang 26.2.5.12-1",
"product_id": "19605"
}
}
],
"category": "product_name",
"name": "erlang"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 cert-manager 1.11.2-7",
"product": {
"name": "\u003ccbl2 cert-manager 1.11.2-7",
"product_id": "17"
}
},
{
"category": "product_version",
"name": "cbl2 cert-manager 1.11.2-7",
"product": {
"name": "cbl2 cert-manager 1.11.2-7",
"product_id": "18210"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 cert-manager 1.12.12-1",
"product": {
"name": "\u003cazl3 cert-manager 1.12.12-1",
"product_id": "35"
}
},
{
"category": "product_version",
"name": "azl3 cert-manager 1.12.12-1",
"product": {
"name": "azl3 cert-manager 1.12.12-1",
"product_id": "17766"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 cert-manager 1.11.2-8",
"product": {
"name": "\u003cazl3 cert-manager 1.11.2-8",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "azl3 cert-manager 1.11.2-8",
"product": {
"name": "azl3 cert-manager 1.11.2-8",
"product_id": "19863"
}
}
],
"category": "product_name",
"name": "cert-manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 node-problem-detector 0.8.20-2",
"product": {
"name": "\u003cazl3 node-problem-detector 0.8.20-2",
"product_id": "16"
}
},
{
"category": "product_version",
"name": "azl3 node-problem-detector 0.8.20-2",
"product": {
"name": "azl3 node-problem-detector 0.8.20-2",
"product_id": "18211"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 node-problem-detector 0.8.15-4",
"product": {
"name": "\u003cazl3 node-problem-detector 0.8.15-4",
"product_id": "31"
}
},
{
"category": "product_version",
"name": "azl3 node-problem-detector 0.8.15-4",
"product": {
"name": "azl3 node-problem-detector 0.8.15-4",
"product_id": "18082"
}
}
],
"category": "product_name",
"name": "node-problem-detector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 docker-buildx 0.14.0-1",
"product": {
"name": "\u003cazl3 docker-buildx 0.14.0-1",
"product_id": "33"
}
},
{
"category": "product_version",
"name": "azl3 docker-buildx 0.14.0-1",
"product": {
"name": "azl3 docker-buildx 0.14.0-1",
"product_id": "17801"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 docker-buildx 0.12.1-1",
"product": {
"name": "\u003cazl3 docker-buildx 0.12.1-1",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "azl3 docker-buildx 0.12.1-1",
"product": {
"name": "azl3 docker-buildx 0.12.1-1",
"product_id": "19808"
}
}
],
"category": "product_name",
"name": "docker-buildx"
},
{
"category": "product_name",
"name": "azl3 telegraf 1.27.3-4",
"product": {
"name": "azl3 telegraf 1.27.3-4",
"product_id": "6"
}
},
{
"category": "product_name",
"name": "azl3 libcontainers-common 20240213-3",
"product": {
"name": "azl3 libcontainers-common 20240213-3",
"product_id": "34"
}
},
{
"category": "product_name",
"name": "azl3 nmap 7.95-2",
"product": {
"name": "azl3 nmap 7.95-2",
"product_id": "37"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cf-cli 8.7.3-6 as a component of Azure Linux 3.0",
"product_id": "17084-30"
},
"product_reference": "30",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cf-cli 8.7.3-6 as a component of Azure Linux 3.0",
"product_id": "18085-17084"
},
"product_reference": "18085",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubevirt 1.2.0-17 as a component of Azure Linux 3.0",
"product_id": "17084-9"
},
"product_reference": "9",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubevirt 1.2.0-17 as a component of Azure Linux 3.0",
"product_id": "19339-17084"
},
"product_reference": "19339",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libssh 0.10.5-2 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libssh 0.10.5-2 as a component of Azure Linux 3.0",
"product_id": "20073-17084"
},
"product_reference": "20073",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 telegraf 1.27.3-4 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 moby-engine 20.10.27-1 as a component of CBL Mariner 2.0",
"product_id": "17086-28"
},
"product_reference": "28",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 moby-engine 20.10.27-1 as a component of CBL Mariner 2.0",
"product_id": "18199-17086"
},
"product_reference": "18199",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 jsch 0.1.55-2 as a component of CBL Mariner 2.0",
"product_id": "17086-27"
},
"product_reference": "27",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 jsch 0.1.55-2 as a component of CBL Mariner 2.0",
"product_id": "18200-17086"
},
"product_reference": "18200",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 terraform 1.3.2-25 as a component of CBL Mariner 2.0",
"product_id": "17086-26"
},
"product_reference": "26",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 terraform 1.3.2-25 as a component of CBL Mariner 2.0",
"product_id": "18201-17086"
},
"product_reference": "18201",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 packer 1.9.5-3 as a component of CBL Mariner 2.0",
"product_id": "17086-29"
},
"product_reference": "29",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 packer 1.9.5-3 as a component of CBL Mariner 2.0",
"product_id": "18130-17086"
},
"product_reference": "18130",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 moby-compose 2.17.3-5 as a component of CBL Mariner 2.0",
"product_id": "17086-38"
},
"product_reference": "38",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 moby-compose 2.17.3-5 as a component of CBL Mariner 2.0",
"product_id": "17414-17086"
},
"product_reference": "17414",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 moby-cli 20.10.27-2 as a component of CBL Mariner 2.0",
"product_id": "17086-25"
},
"product_reference": "25",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 moby-cli 20.10.27-2 as a component of CBL Mariner 2.0",
"product_id": "18202-17086"
},
"product_reference": "18202",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kubevirt 0.59.0-26 as a component of CBL Mariner 2.0",
"product_id": "17086-24"
},
"product_reference": "24",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kubevirt 0.59.0-26 as a component of CBL Mariner 2.0",
"product_id": "18203-17086"
},
"product_reference": "18203",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kubernetes 1.28.4-4 as a component of CBL Mariner 2.0",
"product_id": "17086-23"
},
"product_reference": "23",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kubernetes 1.28.4-4 as a component of CBL Mariner 2.0",
"product_id": "18204-17086"
},
"product_reference": "18204",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 openssh 8.9p1-4 as a component of CBL Mariner 2.0",
"product_id": "17086-22"
},
"product_reference": "22",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 openssh 8.9p1-4 as a component of CBL Mariner 2.0",
"product_id": "18205-17086"
},
"product_reference": "18205",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 nmap 7.93-2 as a component of CBL Mariner 2.0",
"product_id": "17086-21"
},
"product_reference": "21",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 nmap 7.93-2 as a component of CBL Mariner 2.0",
"product_id": "18206-17086"
},
"product_reference": "18206",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libssh2 1.9.0-4 as a component of CBL Mariner 2.0",
"product_id": "17086-20"
},
"product_reference": "20",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libssh2 1.9.0-4 as a component of CBL Mariner 2.0",
"product_id": "18207-17086"
},
"product_reference": "18207",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libssh 0.10.6-1 as a component of CBL Mariner 2.0",
"product_id": "17086-19"
},
"product_reference": "19",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libssh 0.10.6-1 as a component of CBL Mariner 2.0",
"product_id": "18208-17086"
},
"product_reference": "18208",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 erlang 25.2-1 as a component of CBL Mariner 2.0",
"product_id": "17086-18"
},
"product_reference": "18",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 erlang 25.2-1 as a component of CBL Mariner 2.0",
"product_id": "18209-17086"
},
"product_reference": "18209",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cert-manager 1.11.2-7 as a component of CBL Mariner 2.0",
"product_id": "17086-17"
},
"product_reference": "17",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cert-manager 1.11.2-7 as a component of CBL Mariner 2.0",
"product_id": "18210-17086"
},
"product_reference": "18210",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 node-problem-detector 0.8.20-2 as a component of Azure Linux 3.0",
"product_id": "17084-16"
},
"product_reference": "16",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 node-problem-detector 0.8.20-2 as a component of Azure Linux 3.0",
"product_id": "18211-17084"
},
"product_reference": "18211",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 docker-buildx 0.14.0-1 as a component of Azure Linux 3.0",
"product_id": "17084-33"
},
"product_reference": "33",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 docker-buildx 0.14.0-1 as a component of Azure Linux 3.0",
"product_id": "17801-17084"
},
"product_reference": "17801",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 packer 1.9.5-1 as a component of Azure Linux 3.0",
"product_id": "17084-32"
},
"product_reference": "32",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 packer 1.9.5-1 as a component of Azure Linux 3.0",
"product_id": "18041-17084"
},
"product_reference": "18041",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 nmap 7.93-2 as a component of Azure Linux 3.0",
"product_id": "17084-15"
},
"product_reference": "15",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 nmap 7.93-2 as a component of Azure Linux 3.0",
"product_id": "18212-17084"
},
"product_reference": "18212",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libssh2 1.11.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-14"
},
"product_reference": "14",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libssh2 1.11.1-1 as a component of Azure Linux 3.0",
"product_id": "18213-17084"
},
"product_reference": "18213",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libssh 0.10.6-1 as a component of Azure Linux 3.0",
"product_id": "17084-13"
},
"product_reference": "13",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libssh 0.10.6-1 as a component of Azure Linux 3.0",
"product_id": "18214-17084"
},
"product_reference": "18214",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubevirt 1.2.0-9 as a component of Azure Linux 3.0",
"product_id": "17084-12"
},
"product_reference": "12",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubevirt 1.2.0-9 as a component of Azure Linux 3.0",
"product_id": "18215-17084"
},
"product_reference": "18215",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubernetes 1.30.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-36"
},
"product_reference": "36",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubernetes 1.30.1-1 as a component of Azure Linux 3.0",
"product_id": "17753-17084"
},
"product_reference": "17753",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 erlang 26.2.3-1 as a component of Azure Linux 3.0",
"product_id": "17084-11"
},
"product_reference": "11",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 erlang 26.2.3-1 as a component of Azure Linux 3.0",
"product_id": "18216-17084"
},
"product_reference": "18216",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cf-cli 8.7.11-1 as a component of Azure Linux 3.0",
"product_id": "17084-10"
},
"product_reference": "10",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cf-cli 8.7.11-1 as a component of Azure Linux 3.0",
"product_id": "18217-17084"
},
"product_reference": "18217",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cert-manager 1.12.12-1 as a component of Azure Linux 3.0",
"product_id": "17084-35"
},
"product_reference": "35",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cert-manager 1.12.12-1 as a component of Azure Linux 3.0",
"product_id": "17766-17084"
},
"product_reference": "17766",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cert-manager 1.11.2-8 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cert-manager 1.11.2-8 as a component of Azure Linux 3.0",
"product_id": "19863-17084"
},
"product_reference": "19863",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 erlang 26.2.5.12-1 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 erlang 26.2.5.12-1 as a component of Azure Linux 3.0",
"product_id": "19605-17084"
},
"product_reference": "19605",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubernetes 1.29.1-4 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubernetes 1.29.1-4 as a component of Azure Linux 3.0",
"product_id": "19986-17084"
},
"product_reference": "19986",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libcontainers-common 20240213-3 as a component of Azure Linux 3.0",
"product_id": "17084-34"
},
"product_reference": "34",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 nmap 7.95-2 as a component of Azure Linux 3.0",
"product_id": "17084-37"
},
"product_reference": "37",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 openssh 9.8p1-4 as a component of Azure Linux 3.0",
"product_id": "17084-8"
},
"product_reference": "8",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 openssh 9.8p1-4 as a component of Azure Linux 3.0",
"product_id": "19453-17084"
},
"product_reference": "19453",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 packer 1.9.4-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 packer 1.9.4-1 as a component of Azure Linux 3.0",
"product_id": "19962-17084"
},
"product_reference": "19962",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 docker-buildx 0.12.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 docker-buildx 0.12.1-1 as a component of Azure Linux 3.0",
"product_id": "19808-17084"
},
"product_reference": "19808",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 node-problem-detector 0.8.15-4 as a component of Azure Linux 3.0",
"product_id": "17084-31"
},
"product_reference": "31",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 node-problem-detector 0.8.15-4 as a component of Azure Linux 3.0",
"product_id": "18082-17084"
},
"product_reference": "18082",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"17084-6",
"17084-34",
"17084-37"
]
}
],
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"18085-17084",
"19339-17084",
"20073-17084",
"18199-17086",
"18200-17086",
"18201-17086",
"18130-17086",
"17414-17086",
"18202-17086",
"18203-17086",
"18204-17086",
"18205-17086",
"18206-17086",
"18207-17086",
"18208-17086",
"18209-17086",
"18210-17086",
"18211-17084",
"17801-17084",
"18041-17084",
"18212-17084",
"18213-17084",
"18214-17084",
"18215-17084",
"17753-17084",
"18216-17084",
"18217-17084",
"17766-17084",
"19863-17084",
"19605-17084",
"19986-17084",
"19453-17084",
"19962-17084",
"19808-17084",
"18082-17084"
],
"known_affected": [
"17084-30",
"17084-9",
"17084-1",
"17086-28",
"17086-27",
"17086-26",
"17086-29",
"17086-38",
"17086-25",
"17086-24",
"17086-23",
"17086-22",
"17086-21",
"17086-20",
"17086-19",
"17086-18",
"17086-17",
"17084-16",
"17084-33",
"17084-32",
"17084-15",
"17084-14",
"17084-13",
"17084-12",
"17084-36",
"17084-11",
"17084-10",
"17084-35",
"17084-4",
"17084-7",
"17084-2",
"17084-8",
"17084-3",
"17084-5",
"17084-31"
],
"known_not_affected": [
"17084-6",
"17084-34",
"17084-37"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795 The SSH transport protocol with certain OpenSSH extensions found in OpenSSH before 9.6 and other products allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message) and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP) implemented by these extensions mishandles the handshake phase and mishandles use of sequence numbers. For example there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT Dropbear through 2022.83 Ssh before 5.1.1 in Erlang/OTP PuTTY before 0.80 AsyncSSH before 2.14.2 golang.org/x/crypto before 0.17.0 libssh before 0.10.6 libssh2 - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-48795.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "8.7.11-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-30",
"17084-10"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "1.2.0-9:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-9",
"17084-12"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "0.10.6-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1",
"17086-19",
"17084-13"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "20.10.27-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-28"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "0.1.55-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-27"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "1.3.2-25:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-26"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "1.9.5-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-29"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "2.17.3-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-38"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "20.10.27-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-25"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "0.59.0-26:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-24"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "1.28.4-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-23"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "8.9p1-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-22"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "7.93-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-21",
"17084-15"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "1.9.0-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-20"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "25.2-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-18"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "1.11.2-7:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-17"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "0.8.20-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-16",
"17084-31"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "0.14.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-33",
"17084-5"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "1.9.5-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-32",
"17084-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "1.11.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-14"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "1.30.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-36",
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "26.2.3-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-11"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "1.12.12-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-35",
"17084-4"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "26.2.3-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-7"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-12-25T00:00:00.000Z",
"details": "Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-8"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"17084-30",
"17084-9",
"17084-1",
"17086-28",
"17086-27",
"17086-26",
"17086-29",
"17086-38",
"17086-25",
"17086-24",
"17086-23",
"17086-22",
"17086-21",
"17086-20",
"17086-19",
"17086-18",
"17086-17",
"17084-16",
"17084-33",
"17084-32",
"17084-15",
"17084-14",
"17084-13",
"17084-12",
"17084-36",
"17084-11",
"17084-10",
"17084-35",
"17084-4",
"17084-7",
"17084-2",
"17084-8",
"17084-3",
"17084-5",
"17084-31"
]
}
],
"title": "The SSH transport protocol with certain OpenSSH extensions found in OpenSSH before 9.6 and other products allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message) and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP) implemented by these extensions mishandles the handshake phase and mishandles use of sequence numbers. For example there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT Dropbear through 2022.83 Ssh before 5.1.1 in Erlang/OTP PuTTY before 0.80 AsyncSSH before 2.14.2 golang.org/x/crypto before 0.17.0 libssh before 0.10.6 libssh2 "
}
]
}
NCSC-2024-0282
Vulnerability from csaf_ncscnl - Published: 2024-07-09 18:40 - Updated: 2024-07-09 18:40Summary
Kwetsbaarheden verholpen in Siemens Producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, RUGGEDOM, SIMATIC, SINEMA, SIPROTEC en de Engineering Platforms voor diverse systemen.
Interpretaties: De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Toegang tot gevoelige gegevens
- Verhoogde gebruikersrechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen: Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121: Stack-based Buffer Overflow
CWE-125: Out-of-bounds Read
CWE-1325: Improperly Controlled Sequential Memory Allocation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-222: Truncation of Security-relevant Information
CWE-266: Incorrect Privilege Assignment
CWE-267: Privilege Defined With Unsafe Actions
CWE-286: Incorrect User Management
CWE-307: Improper Restriction of Excessive Authentication Attempts
CWE-326: Inadequate Encryption Strength
CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CWE-378: Creation of Temporary File With Insecure Permissions
CWE-400: Uncontrolled Resource Consumption
CWE-425: Direct Request ('Forced Browsing')
CWE-434: Unrestricted Upload of File with Dangerous Type
CWE-476: NULL Pointer Dereference
CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE-502: Deserialization of Untrusted Data
CWE-547: Use of Hard-coded, Security-relevant Constants
CWE-602: Client-Side Enforcement of Server-Side Security
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CWE-863: Incorrect Authorization
CWE-916: Use of Password Hash With Insufficient Computational Effort
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CWE-286
- Incorrect User Management
CWE-125
- Out-of-bounds Read
CWE-400
- Uncontrolled Resource Consumption
CWE-502
- Deserialization of Untrusted Data
CWE-502
- Deserialization of Untrusted Data
CWE-121
- Stack-based Buffer Overflow
CWE-222
- Truncation of Security-relevant Information
CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ruggedcom_i800
siemens
|
cpe:2.3:a:siemens:ruggedcom_i800:0:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_i800nc
siemens
|
cpe:2.3:a:siemens:ruggedcom_i800nc:0:*:*:*:*:*:*:*
|
— |
CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
CWE-1325
- Improperly Controlled Sequential Memory Allocation
CWE-916
- Use of Password Hash With Insufficient Computational Effort
CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-121
- Stack-based Buffer Overflow
CWE-359
- Exposure of Private Personal Information to an Unauthorized Actor
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ps_iges_parasolid_translator_component
siemens
|
cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*
|
— |
CWE-787
- Out-of-bounds Write
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ps_iges_parasolid_translator_component
siemens
|
cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ps_iges_parasolid_translator_component
siemens
|
cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ps_iges_parasolid_translator_component
siemens
|
cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ps_iges_parasolid_translator_component
siemens
|
cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ps_iges_parasolid_translator_component
siemens
|
cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ps_iges_parasolid_translator_component
siemens
|
cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ps_iges_parasolid_translator_component
siemens
|
cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ps_iges_parasolid_translator_component
siemens
|
cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ps_iges_parasolid_translator_component
siemens
|
cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ps_iges_parasolid_translator_component
siemens
|
cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*
|
— |
CWE-121
- Stack-based Buffer Overflow
CWE-125
- Out-of-bounds Read
CWE-125
- Out-of-bounds Read
CWE-476
- NULL Pointer Dereference
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
jt_open
siemens
|
cpe:2.3:a:siemens:jt_open:0:*:*:*:*:*:*:*
|
— | |
|
plm_xml_sdk
siemens
|
cpe:2.3:a:siemens:plm_xml_sdk:0:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
jt_open
siemens
|
cpe:2.3:a:siemens:jt_open:0:*:*:*:*:*:*:*
|
— | |
|
plm_xml_sdk
siemens
|
cpe:2.3:a:siemens:plm_xml_sdk:0:*:*:*:*:*:*:*
|
— |
CWE-266
- Incorrect Privilege Assignment
CWE-326
- Inadequate Encryption Strength
CWE-77
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-497
- Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE-434
- Unrestricted Upload of File with Dangerous Type
CWE-267
- Privilege Defined With Unsafe Actions
CWE-425
- Direct Request ('Forced Browsing')
CWE-425
- Direct Request ('Forced Browsing')
CWE-754
- Improper Check for Unusual or Exceptional Conditions
CWE-602
- Client-Side Enforcement of Server-Side Security
CWE-863
- Incorrect Authorization
CWE-378
- Creation of Temporary File With Insecure Permissions
CWE-307
- Improper Restriction of Excessive Authentication Attempts
CWE-307
- Improper Restriction of Excessive Authentication Attempts
CWE-732
- Incorrect Permission Assignment for Critical Resource
CWE-770
- Allocation of Resources Without Limits or Throttling
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
mendix_encryption
siemens
|
cpe:2.3:a:siemens:mendix_encryption:v10.0.0:*:*:*:*:*:*:*
|
— |
CWE-924
- Improper Enforcement of Message Integrity During Transmission in a Communication Channel
References
69 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, RUGGEDOM, SIMATIC, SINEMA, SIPROTEC en de Engineering Platforms voor diverse systemen.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improperly Controlled Sequential Memory Allocation",
"title": "CWE-1325"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Incorrect Privilege Assignment",
"title": "CWE-266"
},
{
"category": "general",
"text": "Privilege Defined With Unsafe Actions",
"title": "CWE-267"
},
{
"category": "general",
"text": "Incorrect User Management",
"title": "CWE-286"
},
{
"category": "general",
"text": "Improper Restriction of Excessive Authentication Attempts",
"title": "CWE-307"
},
{
"category": "general",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
},
{
"category": "general",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "general",
"text": "Creation of Temporary File With Insecure Permissions",
"title": "CWE-378"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Direct Request (\u0027Forced Browsing\u0027)",
"title": "CWE-425"
},
{
"category": "general",
"text": "Unrestricted Upload of File with Dangerous Type",
"title": "CWE-434"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"title": "CWE-497"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Use of Hard-coded, Security-relevant Constants",
"title": "CWE-547"
},
{
"category": "general",
"text": "Client-Side Enforcement of Server-Side Security",
"title": "CWE-602"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Use of Password Hash With Insufficient Computational Effort",
"title": "CWE-916"
},
{
"category": "general",
"text": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
"title": "CWE-924"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-064222.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-088132.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170375.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313039.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364175.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381581.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-698820.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-722010.pdf"
},
{
"category": "external",
"summary": "Reference - siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723487.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750499.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-779936.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-824889.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-868282.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-883918.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-928781.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-998949.pdf"
}
],
"title": "Kwetsbaarheden verholpen in Siemens Producten",
"tracking": {
"current_release_date": "2024-07-09T18:40:57.534939Z",
"id": "NCSC-2024-0282",
"initial_release_date": "2024-07-09T18:40:57.534939Z",
"revision_history": [
{
"date": "2024-07-09T18:40:57.534939Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "jt_open",
"product": {
"name": "jt_open",
"product_id": "CSAFPID-1497083",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:jt_open:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_encryption",
"product": {
"name": "mendix_encryption",
"product_id": "CSAFPID-1497113",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_encryption:v10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "plm_xml_sdk",
"product": {
"name": "plm_xml_sdk",
"product_id": "CSAFPID-1497084",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:plm_xml_sdk:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ps_iges_parasolid_translator_component",
"product": {
"name": "ps_iges_parasolid_translator_component",
"product_id": "CSAFPID-1464909",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_i800",
"product": {
"name": "ruggedcom_i800",
"product_id": "CSAFPID-1496944",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_i800:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_i800",
"product": {
"name": "ruggedcom_i800",
"product_id": "CSAFPID-1497438",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_i800",
"product": {
"name": "ruggedcom_i800",
"product_id": "CSAFPID-1497459",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_i800",
"product": {
"name": "ruggedcom_i800",
"product_id": "CSAFPID-1497481",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_i800",
"product": {
"name": "ruggedcom_i800",
"product_id": "CSAFPID-1497482",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_i800",
"product": {
"name": "ruggedcom_i800",
"product_id": "CSAFPID-1497428",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_i800",
"product": {
"name": "ruggedcom_i800",
"product_id": "CSAFPID-1497379",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_i800",
"product": {
"name": "ruggedcom_i800",
"product_id": "CSAFPID-1497388",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.7:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_i800",
"product": {
"name": "ruggedcom_i800",
"product_id": "CSAFPID-1498045",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_i800",
"product": {
"name": "ruggedcom_i800",
"product_id": "CSAFPID-1497498",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_i800nc",
"product": {
"name": "ruggedcom_i800nc",
"product_id": "CSAFPID-1496945",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_i800nc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_i800nc",
"product": {
"name": "ruggedcom_i800nc",
"product_id": "CSAFPID-1497536",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_i800nc:4.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom",
"product": {
"name": "ruggedcom",
"product_id": "CSAFPID-1498050",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom:4.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom",
"product": {
"name": "ruggedcom",
"product_id": "CSAFPID-1497507",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom:4.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom",
"product": {
"name": "ruggedcom",
"product_id": "CSAFPID-1498073",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom:4.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom",
"product": {
"name": "ruggedcom",
"product_id": "CSAFPID-1497596",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom:4.3.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom",
"product": {
"name": "ruggedcom",
"product_id": "CSAFPID-1497876",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom:4.3.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom",
"product": {
"name": "ruggedcom",
"product_id": "CSAFPID-1497817",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom:4.3.5:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32260",
"cwe": {
"id": "CWE-286",
"name": "Incorrect User Management"
},
"notes": [
{
"category": "other",
"text": "Incorrect User Management",
"title": "CWE-286"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-32260",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-32260.json"
}
],
"title": "CVE-2022-32260"
},
{
"cve": "CVE-2023-7066",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-7066",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7066.json"
}
],
"title": "CVE-2023-7066"
},
{
"cve": "CVE-2023-27321",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "other",
"text": "Improperly Controlled Sequential Memory Allocation",
"title": "CWE-1325"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-27321",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-27321.json"
}
],
"title": "CVE-2023-27321"
},
{
"cve": "CVE-2023-32735",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-32735",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32735.json"
}
],
"title": "CVE-2023-32735"
},
{
"cve": "CVE-2023-32737",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-32737",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32737.json"
}
],
"title": "CVE-2023-32737"
},
{
"cve": "CVE-2023-46720",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-46720",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46720.json"
}
],
"title": "CVE-2023-46720"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-52237",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1496944",
"CSAFPID-1496945"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52237",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52237.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1496944",
"CSAFPID-1496945"
]
}
],
"title": "CVE-2023-52237"
},
{
"cve": "CVE-2023-52238",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-52238",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52238.json"
}
],
"title": "CVE-2023-52238"
},
{
"cve": "CVE-2023-52891",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Sequential Memory Allocation",
"title": "CWE-1325"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-52891",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52891.json"
}
],
"title": "CVE-2023-52891"
},
{
"cve": "CVE-2024-21754",
"cwe": {
"id": "CWE-916",
"name": "Use of Password Hash With Insufficient Computational Effort"
},
"notes": [
{
"category": "other",
"text": "Use of Password Hash With Insufficient Computational Effort",
"title": "CWE-916"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-21754",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21754.json"
}
],
"title": "CVE-2024-21754"
},
{
"cve": "CVE-2024-23111",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-23111",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23111.json"
}
],
"title": "CVE-2024-23111"
},
{
"cve": "CVE-2024-26010",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-26010",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26010.json"
}
],
"title": "CVE-2024-26010"
},
{
"cve": "CVE-2024-30321",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-30321",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30321.json"
}
],
"title": "CVE-2024-30321"
},
{
"cve": "CVE-2024-32055",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464909"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32055",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32055.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1464909"
]
}
],
"title": "CVE-2024-32055"
},
{
"cve": "CVE-2024-32056",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-32056",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32056.json"
}
],
"title": "CVE-2024-32056"
},
{
"cve": "CVE-2024-32057",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464909"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32057",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1464909"
]
}
],
"title": "CVE-2024-32057"
},
{
"cve": "CVE-2024-32058",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464909"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32058",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32058.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1464909"
]
}
],
"title": "CVE-2024-32058"
},
{
"cve": "CVE-2024-32059",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464909"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32059",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32059.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1464909"
]
}
],
"title": "CVE-2024-32059"
},
{
"cve": "CVE-2024-32060",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464909"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32060",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32060.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1464909"
]
}
],
"title": "CVE-2024-32060"
},
{
"cve": "CVE-2024-32061",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464909"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32061",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32061.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1464909"
]
}
],
"title": "CVE-2024-32061"
},
{
"cve": "CVE-2024-32062",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464909"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1464909"
]
}
],
"title": "CVE-2024-32062"
},
{
"cve": "CVE-2024-32063",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464909"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32063",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32063.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1464909"
]
}
],
"title": "CVE-2024-32063"
},
{
"cve": "CVE-2024-32064",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464909"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32064",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32064.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1464909"
]
}
],
"title": "CVE-2024-32064"
},
{
"cve": "CVE-2024-32065",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464909"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32065",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32065.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1464909"
]
}
],
"title": "CVE-2024-32065"
},
{
"cve": "CVE-2024-32066",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464909"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32066",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32066.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1464909"
]
}
],
"title": "CVE-2024-32066"
},
{
"cve": "CVE-2024-33577",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33577",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33577.json"
}
],
"title": "CVE-2024-33577"
},
{
"cve": "CVE-2024-33653",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33653",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33653.json"
}
],
"title": "CVE-2024-33653"
},
{
"cve": "CVE-2024-33654",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33654",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33654.json"
}
],
"title": "CVE-2024-33654"
},
{
"cve": "CVE-2024-37996",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1497083",
"CSAFPID-1497084"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37996",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37996.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1497083",
"CSAFPID-1497084"
]
}
],
"title": "CVE-2024-37996"
},
{
"cve": "CVE-2024-37997",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1497083",
"CSAFPID-1497084"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37997",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37997.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1497083",
"CSAFPID-1497084"
]
}
],
"title": "CVE-2024-37997"
},
{
"cve": "CVE-2024-38278",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"notes": [
{
"category": "other",
"text": "Incorrect Privilege Assignment",
"title": "CWE-266"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-38278",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38278.json"
}
],
"title": "CVE-2024-38278"
},
{
"cve": "CVE-2024-38867",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "other",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-38867",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38867.json"
}
],
"title": "CVE-2024-38867"
},
{
"cve": "CVE-2024-39567",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39567",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39567.json"
}
],
"title": "CVE-2024-39567"
},
{
"cve": "CVE-2024-39568",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39568",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39568.json"
}
],
"title": "CVE-2024-39568"
},
{
"cve": "CVE-2024-39569",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39569",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39569.json"
}
],
"title": "CVE-2024-39569"
},
{
"cve": "CVE-2024-39570",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39570",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39570.json"
}
],
"title": "CVE-2024-39570"
},
{
"cve": "CVE-2024-39571",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39571",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39571.json"
}
],
"title": "CVE-2024-39571"
},
{
"cve": "CVE-2024-39675",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"title": "CWE-497"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39675",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39675.json"
}
],
"title": "CVE-2024-39675"
},
{
"cve": "CVE-2024-39865",
"cwe": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type"
},
"notes": [
{
"category": "other",
"text": "Unrestricted Upload of File with Dangerous Type",
"title": "CWE-434"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39865",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39865.json"
}
],
"title": "CVE-2024-39865"
},
{
"cve": "CVE-2024-39866",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"notes": [
{
"category": "other",
"text": "Privilege Defined With Unsafe Actions",
"title": "CWE-267"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39866",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39866.json"
}
],
"title": "CVE-2024-39866"
},
{
"cve": "CVE-2024-39867",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"notes": [
{
"category": "other",
"text": "Direct Request (\u0027Forced Browsing\u0027)",
"title": "CWE-425"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39867",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39867.json"
}
],
"title": "CVE-2024-39867"
},
{
"cve": "CVE-2024-39868",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"notes": [
{
"category": "other",
"text": "Direct Request (\u0027Forced Browsing\u0027)",
"title": "CWE-425"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39868",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39868.json"
}
],
"title": "CVE-2024-39868"
},
{
"cve": "CVE-2024-39869",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39869",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39869.json"
}
],
"title": "CVE-2024-39869"
},
{
"cve": "CVE-2024-39870",
"cwe": {
"id": "CWE-602",
"name": "Client-Side Enforcement of Server-Side Security"
},
"notes": [
{
"category": "other",
"text": "Client-Side Enforcement of Server-Side Security",
"title": "CWE-602"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39870",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39870.json"
}
],
"title": "CVE-2024-39870"
},
{
"cve": "CVE-2024-39871",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39871",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39871.json"
}
],
"title": "CVE-2024-39871"
},
{
"cve": "CVE-2024-39872",
"cwe": {
"id": "CWE-378",
"name": "Creation of Temporary File With Insecure Permissions"
},
"notes": [
{
"category": "other",
"text": "Creation of Temporary File With Insecure Permissions",
"title": "CWE-378"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39872",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39872.json"
}
],
"title": "CVE-2024-39872"
},
{
"cve": "CVE-2024-39873",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Excessive Authentication Attempts",
"title": "CWE-307"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39873",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39873.json"
}
],
"title": "CVE-2024-39873"
},
{
"cve": "CVE-2024-39874",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Excessive Authentication Attempts",
"title": "CWE-307"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39874",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39874.json"
}
],
"title": "CVE-2024-39874"
},
{
"cve": "CVE-2024-39875",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39875",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39875.json"
}
],
"title": "CVE-2024-39875"
},
{
"cve": "CVE-2024-39876",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39876",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39876.json"
}
],
"title": "CVE-2024-39876"
},
{
"cve": "CVE-2024-39888",
"cwe": {
"id": "CWE-547",
"name": "Use of Hard-coded, Security-relevant Constants"
},
"notes": [
{
"category": "other",
"text": "Use of Hard-coded, Security-relevant Constants",
"title": "CWE-547"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1497113"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39888",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39888.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1497113"
]
}
],
"title": "CVE-2024-39888"
},
{
"cve": "CVE-2024-3596",
"cwe": {
"id": "CWE-924",
"name": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
},
"notes": [
{
"category": "other",
"text": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
"title": "CWE-924"
},
{
"category": "other",
"text": "Use of Weak Hash",
"title": "CWE-328"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-3596",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-3596.json"
}
],
"title": "CVE-2024-3596"
}
]
}
NCSC-2024-0293
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:52 - Updated: 2024-07-17 13:52Summary
Kwetsbaarheden verholpen in Oracle Communications Applications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Er zijn kwetsbaarheden verholpen in Oracle Communications Applications.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* Omzeilen van beveiligingsmaatregel
* (Remote) code execution (Gebruikersrechten)
Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans: medium
Schade: high
CWE-1329: Reliance on Component That is Not Updateable
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-201: Insertion of Sensitive Information Into Sent Data
CWE-203: Observable Discrepancy
CWE-222: Truncation of Security-relevant Information
CWE-284: Improper Access Control
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-416: Use After Free
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
5.3 (Medium)
Affected products
Known affected
262 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server_-_service_controller
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_calendar_server
oracle
|
cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*
|
— | |
|
communications_contacts_server
oracle
|
cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_intelligence_hub
oracle
|
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence_center__pic__software
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_calendar_server
oracle
|
cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_contacts_server
oracle
|
cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server_-_service_controller
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.0:*:*:*:*:*:*:*
|
— | |
|
communications_evolved_communications_application_server
oracle
|
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
|
— | |
|
communications_interactive_session_recorder
oracle
|
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_services_gatekeeper
oracle
|
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_data_model
oracle
|
cpe:2.3:a:oracle:communications_data_model:12.2.0.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_session_manager
oracle
|
cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*
|
— | |
|
communications_unified_session_manager
oracle
|
cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_software
oracle
|
cpe:2.3:a:oracle:communications_eagle_software:46.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_software
oracle
|
cpe:2.3:a:oracle:communications_eagle_software:*:*:*:*:*:*:*:*
|
— | |
|
communications_session_route_manager
oracle
|
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence_center__pic__software
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:*:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence_center__pic__software
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_ftp_table_base_retrieval
oracle
|
cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_lnp_application_processor
oracle
|
cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_lnp_application_processor
oracle
|
cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_application_processor
oracle
|
cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_intelligence_hub
oracle
|
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*
|
— | |
|
communications_contacts_server
oracle
|
cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— |
5.4 (Medium)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
258 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server_-_service_controller
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_calendar_server
oracle
|
cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*
|
— | |
|
communications_contacts_server
oracle
|
cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_configuration_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_configuration_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_core_session_manager
oracle
|
cpe:2.3:a:oracle:communications_core_session_manager:8.45:*:*:*:*:*:*:*
|
— | |
|
communications_core_session_manager
oracle
|
cpe:2.3:a:oracle:communications_core_session_manager:9.15:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.0.1:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_services_gatekeeper
oracle
|
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:*:*:*:*:*:*:*
|
— | |
|
communications_session_router
oracle
|
cpe:2.3:a:oracle:communications_session_router:9.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_router
oracle
|
cpe:2.3:a:oracle:communications_session_router:9.1:*:*:*:*:*:*:*
|
— | |
|
communications_subscriber-aware_load_balancer
oracle
|
cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:*:*:*:*:*:*:*
|
— | |
|
communications_subscriber-aware_load_balancer
oracle
|
cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_intelligence_hub
oracle
|
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence_center__pic__software
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_calendar_server
oracle
|
cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_contacts_server
oracle
|
cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
97 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
96 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— |
7.1 (High)
Affected products
Known affected
120 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— |
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
144 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
96 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
146 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— |
CWE-416
- Use After Free
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
8.2 (High)
Affected products
Known affected
96 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
CWE-770
- Allocation of Resources Without Limits or Throttling
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
CWE-787
- Out-of-bounds Write
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
References
34 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Communications Applications.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* Omzeilen van beveiligingsmaatregel\n* (Remote) code execution (Gebruikersrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Reliance on Component That is Not Updateable",
"title": "CWE-1329"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Observable Discrepancy",
"title": "CWE-203"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34381"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29081"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46218"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5981"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22257"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22262"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23807"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications Applications",
"tracking": {
"current_release_date": "2024-07-17T13:52:33.045762Z",
"id": "NCSC-2024-0293",
"initial_release_date": "2024-07-17T13:52:33.045762Z",
"revision_history": [
{
"date": "2024-07-17T13:52:33.045762Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-764735",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-204639",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-204627",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-912557",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-816793",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm__-_elastic_charging_engine",
"product": {
"name": "communications_brm__-_elastic_charging_engine",
"product_id": "CSAFPID-817694",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm__-_elastic_charging_engine:12.0.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm__-_elastic_charging_engine",
"product": {
"name": "communications_brm__-_elastic_charging_engine",
"product_id": "CSAFPID-817695",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm__-_elastic_charging_engine:12.0.0.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm__-_elastic_charging_engine",
"product": {
"name": "communications_brm__-_elastic_charging_engine",
"product_id": "CSAFPID-912100",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm__-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm_-_elastic_charging_engine",
"product": {
"name": "communications_brm_-_elastic_charging_engine",
"product_id": "CSAFPID-764247",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm_-_elastic_charging_engine",
"product": {
"name": "communications_brm_-_elastic_charging_engine",
"product_id": "CSAFPID-912556",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_calendar_server",
"product": {
"name": "communications_calendar_server",
"product_id": "CSAFPID-764736",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_calendar_server",
"product": {
"name": "communications_calendar_server",
"product_id": "CSAFPID-220190",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_configuration_console",
"product": {
"name": "communications_cloud_native_configuration_console",
"product_id": "CSAFPID-391501",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_configuration_console",
"product": {
"name": "communications_cloud_native_configuration_console",
"product_id": "CSAFPID-440102",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-89545",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-180215",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-180197",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-220548",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-41516",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-41515",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-220057",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-220055",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-220909",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-816765",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-816766",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-816767",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-1503577",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-764237",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-40612",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-608629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-93784",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-41111",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-1685",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-493445",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-294401",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-220547",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-764824",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-220459",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-45184",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-45182",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-45181",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-912066",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-912067",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-1503323",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-93546",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-180195",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-187447",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-45186",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-45185",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-220559",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-220558",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-764238",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-764239",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-816768",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-816769",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-912085",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-1503578",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-764825",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-816770",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-816771",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-912068",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-1503579",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-180201",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-760687",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-40947",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-93635",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-503534",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-90018",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-220327",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-94290",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-220325",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-614513",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-643776",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-816772",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-912076",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-1503580",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912539",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912540",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912541",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912542",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912543",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-40613",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-2044",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-449747",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-40301",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-449746",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-40298",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-223527",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-503493",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-260394",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-219838",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-611387",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-618156",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-816773",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912101",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-1503581",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-816775",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-912544",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-40611",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-40609",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-180198",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-760688",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-493444",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-93633",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-220056",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-223511",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-216017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-220889",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-614516",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-816774",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-220918",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-614515",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-614514",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-816346",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-912077",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-1503322",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-816776",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-816777",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-40608",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-180199",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-260395",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-260393",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-816348",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-912545",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-816347",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-764240",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-220468",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-2310",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-93547",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-180200",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-93636",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-90020",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-90015",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-220133",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-912069",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-912070",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-765371",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-912546",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-180216",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-180202",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-40300",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-93653",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-40949",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-642000",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-93634",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-220561",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-90021",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-94292",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-218028",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-220881",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-94291",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-220910",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-220324",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-611401",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-816778",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-614517",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-912547",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-1503582",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-166032",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-40610",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-642002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-493443",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-642001",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-224796",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-224795",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-912548",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-912102",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-912549",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-1503583",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-1503584",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-1503585",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-816779",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-180217",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-180196",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-165576",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-764899",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-589926",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-179780",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-40948",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-589925",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-179779",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-764826",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-90019",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-90016",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-220326",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-764241",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-912078",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-816349",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-912550",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-1503586",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-1503587",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_contacts_server",
"product": {
"name": "communications_contacts_server",
"product_id": "CSAFPID-764737",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_contacts_server",
"product": {
"name": "communications_contacts_server",
"product_id": "CSAFPID-224787",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_contacts_server",
"product": {
"name": "communications_contacts_server",
"product_id": "CSAFPID-220189",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_application_server_-_service_controller",
"product": {
"name": "communications_converged_application_server_-_service_controller",
"product_id": "CSAFPID-426842",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_application_server_-_service_controller",
"product": {
"name": "communications_converged_application_server_-_service_controller",
"product_id": "CSAFPID-764734",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_application_server",
"product": {
"name": "communications_converged_application_server",
"product_id": "CSAFPID-764827",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_application_server",
"product": {
"name": "communications_converged_application_server",
"product_id": "CSAFPID-764828",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_charging_system",
"product": {
"name": "communications_converged_charging_system",
"product_id": "CSAFPID-1503599",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_charging_system",
"product": {
"name": "communications_converged_charging_system",
"product_id": "CSAFPID-1503600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-345031",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-204635",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-764833",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-224793",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-816794",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-342793",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-764248",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-1265",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-816350",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-1261",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_core_session_manager",
"product": {
"name": "communications_core_session_manager",
"product_id": "CSAFPID-93777",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_core_session_manager:8.45:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_core_session_manager",
"product": {
"name": "communications_core_session_manager",
"product_id": "CSAFPID-93772",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_core_session_manager:9.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_data_model",
"product": {
"name": "communications_data_model",
"product_id": "CSAFPID-764902",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_data_model:12.2.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_design_studio",
"product": {
"name": "communications_design_studio",
"product_id": "CSAFPID-765372",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_design_studio",
"product": {
"name": "communications_design_studio",
"product_id": "CSAFPID-342799",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_design_studio",
"product": {
"name": "communications_design_studio",
"product_id": "CSAFPID-704412",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_design_studio",
"product": {
"name": "communications_design_studio",
"product_id": "CSAFPID-704411",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_design_studio",
"product": {
"name": "communications_design_studio",
"product_id": "CSAFPID-41183",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_design_studio",
"product": {
"name": "communications_design_studio",
"product_id": "CSAFPID-704410",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_intelligence_hub",
"product": {
"name": "communications_diameter_intelligence_hub",
"product_id": "CSAFPID-342802",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_intelligence_hub",
"product": {
"name": "communications_diameter_intelligence_hub",
"product_id": "CSAFPID-764829",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-912551",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-912552",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-1503588",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-1882",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-40293",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-611413",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_application_processor",
"product": {
"name": "communications_eagle_application_processor",
"product_id": "CSAFPID-765369",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_element_management_system",
"product": {
"name": "communications_eagle_element_management_system",
"product_id": "CSAFPID-204528",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_element_management_system",
"product": {
"name": "communications_eagle_element_management_system",
"product_id": "CSAFPID-1503316",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_element_management_system",
"product": {
"name": "communications_eagle_element_management_system",
"product_id": "CSAFPID-1503317",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_ftp_table_base_retrieval",
"product": {
"name": "communications_eagle_ftp_table_base_retrieval",
"product_id": "CSAFPID-204623",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_lnp_application_processor",
"product": {
"name": "communications_eagle_lnp_application_processor",
"product_id": "CSAFPID-352633",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_lnp_application_processor",
"product": {
"name": "communications_eagle_lnp_application_processor",
"product_id": "CSAFPID-352632",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_software",
"product": {
"name": "communications_eagle_software",
"product_id": "CSAFPID-765366",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_software:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_software",
"product": {
"name": "communications_eagle_software",
"product_id": "CSAFPID-765365",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_software:46.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_elastic_charging_engine",
"product": {
"name": "communications_elastic_charging_engine",
"product_id": "CSAFPID-764834",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-764242",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-93630",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-345038",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-93629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-611422",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-816780",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_evolved_communications_application_server",
"product": {
"name": "communications_evolved_communications_application_server",
"product_id": "CSAFPID-204645",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_fraud_monitor",
"product": {
"name": "communications_fraud_monitor",
"product_id": "CSAFPID-816781",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_fraud_monitor",
"product": {
"name": "communications_fraud_monitor",
"product_id": "CSAFPID-816782",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_fraud_monitor",
"product": {
"name": "communications_fraud_monitor",
"product_id": "CSAFPID-912553",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_instant_messaging_server",
"product": {
"name": "communications_instant_messaging_server",
"product_id": "CSAFPID-207586",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_instant_messaging_server",
"product": {
"name": "communications_instant_messaging_server",
"product_id": "CSAFPID-234306",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_instant_messaging_server",
"product": {
"name": "communications_instant_messaging_server",
"product_id": "CSAFPID-219803",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_interactive_session_recorder",
"product": {
"name": "communications_interactive_session_recorder",
"product_id": "CSAFPID-1893",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_ip_service_activator",
"product": {
"name": "communications_ip_service_activator",
"product_id": "CSAFPID-204622",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_ip_service_activator",
"product": {
"name": "communications_ip_service_activator",
"product_id": "CSAFPID-219909",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_messaging_server",
"product": {
"name": "communications_messaging_server",
"product_id": "CSAFPID-41182",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_messaging_server",
"product": {
"name": "communications_messaging_server",
"product_id": "CSAFPID-764835",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_messaging_server",
"product": {
"name": "communications_messaging_server",
"product_id": "CSAFPID-375182",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_messaging_server",
"product": {
"name": "communications_messaging_server",
"product_id": "CSAFPID-816351",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_metasolv_solution",
"product": {
"name": "communications_metasolv_solution",
"product_id": "CSAFPID-226017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_metasolv_solution",
"product": {
"name": "communications_metasolv_solution",
"product_id": "CSAFPID-611595",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816783",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816786",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816784",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816787",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816785",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816788",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-220167",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-764243",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816353",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816352",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-1503589",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-1503590",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-342803",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-764249",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-1266",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-816354",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-204563",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_integrity",
"product": {
"name": "communications_network_integrity",
"product_id": "CSAFPID-220125",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_integrity",
"product": {
"name": "communications_network_integrity",
"product_id": "CSAFPID-245244",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_integrity",
"product": {
"name": "communications_network_integrity",
"product_id": "CSAFPID-204554",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_integrity",
"product": {
"name": "communications_network_integrity",
"product_id": "CSAFPID-219776",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_offline_mediation_controller",
"product": {
"name": "communications_offline_mediation_controller",
"product_id": "CSAFPID-765242",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_offline_mediation_controller",
"product": {
"name": "communications_offline_mediation_controller",
"product_id": "CSAFPID-916905",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_offline_mediation_controller",
"product": {
"name": "communications_offline_mediation_controller",
"product_id": "CSAFPID-916906",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-9489",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-110249",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-93781",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-220132",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-912079",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-219898",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-224791",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-179774",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-224790",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-221118",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_performance_intelligence_center__pic__software",
"product": {
"name": "communications_performance_intelligence_center__pic__software",
"product_id": "CSAFPID-765367",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_performance_intelligence_center__pic__software",
"product": {
"name": "communications_performance_intelligence_center__pic__software",
"product_id": "CSAFPID-765368",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_performance_intelligence_center__pic__software",
"product": {
"name": "communications_performance_intelligence_center__pic__software",
"product_id": "CSAFPID-764830",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_performance_intelligence",
"product": {
"name": "communications_performance_intelligence",
"product_id": "CSAFPID-1503591",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_policy_management",
"product": {
"name": "communications_policy_management",
"product_id": "CSAFPID-573035",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_policy_management",
"product": {
"name": "communications_policy_management",
"product_id": "CSAFPID-611406",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_policy_management",
"product": {
"name": "communications_policy_management",
"product_id": "CSAFPID-45192",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_policy_management",
"product": {
"name": "communications_policy_management",
"product_id": "CSAFPID-816789",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_policy_management",
"product": {
"name": "communications_policy_management",
"product_id": "CSAFPID-816790",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-764738",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-204595",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-228321",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-204590",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-816356",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-816355",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816795",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816796",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816797",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-1503601",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816359",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816358",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816357",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-1503602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-912558",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_services_gatekeeper",
"product": {
"name": "communications_services_gatekeeper",
"product_id": "CSAFPID-608630",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1503592",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1503593",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-40294",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-40292",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-40291",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1503594",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1503595",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-342804",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-93631",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-345039",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-93628",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-611423",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-816791",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_route_manager",
"product": {
"name": "communications_session_route_manager",
"product_id": "CSAFPID-342805",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_router",
"product": {
"name": "communications_session_router",
"product_id": "CSAFPID-764780",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_router:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_router",
"product": {
"name": "communications_session_router",
"product_id": "CSAFPID-764781",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_router:9.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_subscriber-aware_load_balancer",
"product": {
"name": "communications_subscriber-aware_load_balancer",
"product_id": "CSAFPID-93775",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_subscriber-aware_load_balancer",
"product": {
"name": "communications_subscriber-aware_load_balancer",
"product_id": "CSAFPID-93774",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-240600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-78764",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-816360",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:5.5.19:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-78762",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-764901",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-614089",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-764739",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-204614",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-8984",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-204510",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-204569",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-219826",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-912073",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_session_manager",
"product": {
"name": "communications_unified_session_manager",
"product_id": "CSAFPID-110243",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_session_manager",
"product": {
"name": "communications_unified_session_manager",
"product_id": "CSAFPID-205759",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-1503596",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-1503597",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-1503598",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-76994",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-764900",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-568240",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-355340",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-764782",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-912080",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_webrtc_session_controller",
"product": {
"name": "communications_webrtc_session_controller",
"product_id": "CSAFPID-912554",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_webrtc_session_controller",
"product": {
"name": "communications_webrtc_session_controller",
"product_id": "CSAFPID-703515",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_webrtc_session_controller",
"product": {
"name": "communications_webrtc_session_controller",
"product_id": "CSAFPID-611408",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_webrtc_session_controller",
"product": {
"name": "communications_webrtc_session_controller",
"product_id": "CSAFPID-204456",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_webrtc_session_controller",
"product": {
"name": "communications_webrtc_session_controller",
"product_id": "CSAFPID-611407",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2310",
"CSAFPID-764237",
"CSAFPID-220558",
"CSAFPID-764238",
"CSAFPID-764239",
"CSAFPID-614513",
"CSAFPID-643776",
"CSAFPID-611387",
"CSAFPID-618156",
"CSAFPID-614516",
"CSAFPID-614515",
"CSAFPID-614514",
"CSAFPID-764240",
"CSAFPID-94291",
"CSAFPID-611401",
"CSAFPID-614517",
"CSAFPID-764241",
"CSAFPID-40293",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-764243",
"CSAFPID-611406",
"CSAFPID-342804",
"CSAFPID-611408",
"CSAFPID-611407",
"CSAFPID-764247",
"CSAFPID-764248",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-611595",
"CSAFPID-764249",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-240600",
"CSAFPID-220057",
"CSAFPID-220055",
"CSAFPID-220909",
"CSAFPID-45184",
"CSAFPID-45182",
"CSAFPID-220559",
"CSAFPID-220327",
"CSAFPID-220325",
"CSAFPID-219838",
"CSAFPID-220056",
"CSAFPID-223511",
"CSAFPID-216017",
"CSAFPID-220889",
"CSAFPID-220918",
"CSAFPID-90020",
"CSAFPID-90015",
"CSAFPID-220133",
"CSAFPID-220561",
"CSAFPID-90021",
"CSAFPID-220881",
"CSAFPID-220910",
"CSAFPID-220324",
"CSAFPID-224796",
"CSAFPID-224795",
"CSAFPID-220326",
"CSAFPID-764734",
"CSAFPID-220167",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-764735",
"CSAFPID-764736",
"CSAFPID-764737",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1265",
"CSAFPID-704412",
"CSAFPID-704411",
"CSAFPID-704410",
"CSAFPID-219803",
"CSAFPID-375182",
"CSAFPID-342803",
"CSAFPID-1266",
"CSAFPID-219776",
"CSAFPID-224791",
"CSAFPID-764738",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-220548",
"CSAFPID-41516",
"CSAFPID-41515",
"CSAFPID-608629",
"CSAFPID-93784",
"CSAFPID-41111",
"CSAFPID-1685",
"CSAFPID-493445",
"CSAFPID-294401",
"CSAFPID-220547",
"CSAFPID-764824",
"CSAFPID-220459",
"CSAFPID-45186",
"CSAFPID-45185",
"CSAFPID-764825",
"CSAFPID-93635",
"CSAFPID-503534",
"CSAFPID-503493",
"CSAFPID-493444",
"CSAFPID-93633",
"CSAFPID-260395",
"CSAFPID-260393",
"CSAFPID-220468",
"CSAFPID-93636",
"CSAFPID-93634",
"CSAFPID-589926",
"CSAFPID-179780",
"CSAFPID-589925",
"CSAFPID-179779",
"CSAFPID-764826",
"CSAFPID-764827",
"CSAFPID-764828",
"CSAFPID-764829",
"CSAFPID-764830",
"CSAFPID-220190",
"CSAFPID-220189",
"CSAFPID-764833",
"CSAFPID-187447",
"CSAFPID-760687",
"CSAFPID-40947",
"CSAFPID-2044",
"CSAFPID-449747",
"CSAFPID-40301",
"CSAFPID-449746",
"CSAFPID-40298",
"CSAFPID-223527",
"CSAFPID-760688",
"CSAFPID-40300",
"CSAFPID-93653",
"CSAFPID-40949",
"CSAFPID-642000",
"CSAFPID-642002",
"CSAFPID-642001",
"CSAFPID-165576",
"CSAFPID-764899",
"CSAFPID-40948",
"CSAFPID-426842",
"CSAFPID-93630",
"CSAFPID-204645",
"CSAFPID-1893",
"CSAFPID-45192",
"CSAFPID-608630",
"CSAFPID-40294",
"CSAFPID-40292",
"CSAFPID-40291",
"CSAFPID-93631",
"CSAFPID-764900",
"CSAFPID-568240",
"CSAFPID-355340",
"CSAFPID-703515",
"CSAFPID-204456",
"CSAFPID-204635",
"CSAFPID-1261",
"CSAFPID-41182",
"CSAFPID-204563",
"CSAFPID-219898",
"CSAFPID-179774",
"CSAFPID-764901",
"CSAFPID-764902",
"CSAFPID-110243",
"CSAFPID-205759",
"CSAFPID-9489",
"CSAFPID-41183",
"CSAFPID-764834",
"CSAFPID-234306",
"CSAFPID-764835",
"CSAFPID-226017",
"CSAFPID-8984",
"CSAFPID-110249",
"CSAFPID-765365",
"CSAFPID-765366",
"CSAFPID-342805",
"CSAFPID-1882",
"CSAFPID-573035",
"CSAFPID-765367",
"CSAFPID-765368",
"CSAFPID-76994",
"CSAFPID-204623",
"CSAFPID-352633",
"CSAFPID-352632",
"CSAFPID-765369",
"CSAFPID-204528",
"CSAFPID-342802",
"CSAFPID-40610",
"CSAFPID-40611",
"CSAFPID-40609",
"CSAFPID-180198",
"CSAFPID-180217",
"CSAFPID-180196",
"CSAFPID-40612",
"CSAFPID-180201",
"CSAFPID-180216",
"CSAFPID-180202",
"CSAFPID-40613",
"CSAFPID-40608",
"CSAFPID-180199",
"CSAFPID-93546",
"CSAFPID-180195",
"CSAFPID-93547",
"CSAFPID-180200",
"CSAFPID-765371",
"CSAFPID-89545",
"CSAFPID-180215",
"CSAFPID-180197",
"CSAFPID-204639",
"CSAFPID-204627",
"CSAFPID-342799",
"CSAFPID-765372",
"CSAFPID-220125",
"CSAFPID-245244",
"CSAFPID-204554",
"CSAFPID-204614",
"CSAFPID-207586",
"CSAFPID-345031",
"CSAFPID-204595",
"CSAFPID-204590",
"CSAFPID-224787",
"CSAFPID-1503577",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-912556",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-816350",
"CSAFPID-816354",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13956",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2310",
"CSAFPID-764237",
"CSAFPID-220558",
"CSAFPID-764238",
"CSAFPID-764239",
"CSAFPID-614513",
"CSAFPID-643776",
"CSAFPID-611387",
"CSAFPID-618156",
"CSAFPID-614516",
"CSAFPID-614515",
"CSAFPID-614514",
"CSAFPID-764240",
"CSAFPID-94291",
"CSAFPID-611401",
"CSAFPID-614517",
"CSAFPID-764241",
"CSAFPID-40293",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-764243",
"CSAFPID-611406",
"CSAFPID-342804",
"CSAFPID-611408",
"CSAFPID-611407",
"CSAFPID-764247",
"CSAFPID-764248",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-611595",
"CSAFPID-764249",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-240600",
"CSAFPID-220057",
"CSAFPID-220055",
"CSAFPID-220909",
"CSAFPID-45184",
"CSAFPID-45182",
"CSAFPID-220559",
"CSAFPID-220327",
"CSAFPID-220325",
"CSAFPID-219838",
"CSAFPID-220056",
"CSAFPID-223511",
"CSAFPID-216017",
"CSAFPID-220889",
"CSAFPID-220918",
"CSAFPID-90020",
"CSAFPID-90015",
"CSAFPID-220133",
"CSAFPID-220561",
"CSAFPID-90021",
"CSAFPID-220881",
"CSAFPID-220910",
"CSAFPID-220324",
"CSAFPID-224796",
"CSAFPID-224795",
"CSAFPID-220326",
"CSAFPID-764734",
"CSAFPID-220167",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-764735",
"CSAFPID-764736",
"CSAFPID-764737",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1265",
"CSAFPID-704412",
"CSAFPID-704411",
"CSAFPID-704410",
"CSAFPID-219803",
"CSAFPID-375182",
"CSAFPID-342803",
"CSAFPID-1266",
"CSAFPID-219776",
"CSAFPID-224791",
"CSAFPID-764738",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-220548",
"CSAFPID-41516",
"CSAFPID-41515",
"CSAFPID-608629",
"CSAFPID-93784",
"CSAFPID-41111",
"CSAFPID-1685",
"CSAFPID-493445",
"CSAFPID-294401",
"CSAFPID-220547",
"CSAFPID-764824",
"CSAFPID-220459",
"CSAFPID-45186",
"CSAFPID-45185",
"CSAFPID-764825",
"CSAFPID-93635",
"CSAFPID-503534",
"CSAFPID-503493",
"CSAFPID-493444",
"CSAFPID-93633",
"CSAFPID-260395",
"CSAFPID-260393",
"CSAFPID-220468",
"CSAFPID-93636",
"CSAFPID-93634",
"CSAFPID-589926",
"CSAFPID-179780",
"CSAFPID-589925",
"CSAFPID-179779",
"CSAFPID-764826",
"CSAFPID-764827",
"CSAFPID-764828",
"CSAFPID-764829",
"CSAFPID-764830",
"CSAFPID-220190",
"CSAFPID-220189",
"CSAFPID-764833",
"CSAFPID-187447",
"CSAFPID-760687",
"CSAFPID-40947",
"CSAFPID-2044",
"CSAFPID-449747",
"CSAFPID-40301",
"CSAFPID-449746",
"CSAFPID-40298",
"CSAFPID-223527",
"CSAFPID-760688",
"CSAFPID-40300",
"CSAFPID-93653",
"CSAFPID-40949",
"CSAFPID-642000",
"CSAFPID-642002",
"CSAFPID-642001",
"CSAFPID-165576",
"CSAFPID-764899",
"CSAFPID-40948",
"CSAFPID-426842",
"CSAFPID-93630",
"CSAFPID-204645",
"CSAFPID-1893",
"CSAFPID-45192",
"CSAFPID-608630",
"CSAFPID-40294",
"CSAFPID-40292",
"CSAFPID-40291",
"CSAFPID-93631",
"CSAFPID-764900",
"CSAFPID-568240",
"CSAFPID-355340",
"CSAFPID-703515",
"CSAFPID-204456",
"CSAFPID-204635",
"CSAFPID-1261",
"CSAFPID-41182",
"CSAFPID-204563",
"CSAFPID-219898",
"CSAFPID-179774",
"CSAFPID-764901",
"CSAFPID-764902",
"CSAFPID-110243",
"CSAFPID-205759",
"CSAFPID-9489",
"CSAFPID-41183",
"CSAFPID-764834",
"CSAFPID-234306",
"CSAFPID-764835",
"CSAFPID-226017",
"CSAFPID-8984",
"CSAFPID-110249",
"CSAFPID-765365",
"CSAFPID-765366",
"CSAFPID-342805",
"CSAFPID-1882",
"CSAFPID-573035",
"CSAFPID-765367",
"CSAFPID-765368",
"CSAFPID-76994",
"CSAFPID-204623",
"CSAFPID-352633",
"CSAFPID-352632",
"CSAFPID-765369",
"CSAFPID-204528",
"CSAFPID-342802",
"CSAFPID-40610",
"CSAFPID-40611",
"CSAFPID-40609",
"CSAFPID-180198",
"CSAFPID-180217",
"CSAFPID-180196",
"CSAFPID-40612",
"CSAFPID-180201",
"CSAFPID-180216",
"CSAFPID-180202",
"CSAFPID-40613",
"CSAFPID-40608",
"CSAFPID-180199",
"CSAFPID-93546",
"CSAFPID-180195",
"CSAFPID-93547",
"CSAFPID-180200",
"CSAFPID-765371",
"CSAFPID-89545",
"CSAFPID-180215",
"CSAFPID-180197",
"CSAFPID-204639",
"CSAFPID-204627",
"CSAFPID-342799",
"CSAFPID-765372",
"CSAFPID-220125",
"CSAFPID-245244",
"CSAFPID-204554",
"CSAFPID-204614",
"CSAFPID-207586",
"CSAFPID-345031",
"CSAFPID-204595",
"CSAFPID-204590",
"CSAFPID-224787",
"CSAFPID-1503577",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-912556",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-816350",
"CSAFPID-816354",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
}
],
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2021-29489",
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29489",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29489.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
}
],
"title": "CVE-2021-29489"
},
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-219776",
"CSAFPID-345038",
"CSAFPID-219909",
"CSAFPID-204622",
"CSAFPID-345039",
"CSAFPID-764237",
"CSAFPID-220558",
"CSAFPID-764238",
"CSAFPID-764239",
"CSAFPID-614513",
"CSAFPID-643776",
"CSAFPID-611387",
"CSAFPID-618156",
"CSAFPID-614516",
"CSAFPID-614515",
"CSAFPID-614514",
"CSAFPID-764240",
"CSAFPID-94291",
"CSAFPID-611401",
"CSAFPID-614517",
"CSAFPID-764241",
"CSAFPID-40293",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-764243",
"CSAFPID-611406",
"CSAFPID-342804",
"CSAFPID-611408",
"CSAFPID-611407",
"CSAFPID-764247",
"CSAFPID-764248",
"CSAFPID-611595",
"CSAFPID-764249",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-240600",
"CSAFPID-220057",
"CSAFPID-220055",
"CSAFPID-220909",
"CSAFPID-45184",
"CSAFPID-45182",
"CSAFPID-220559",
"CSAFPID-220327",
"CSAFPID-220325",
"CSAFPID-219838",
"CSAFPID-220056",
"CSAFPID-223511",
"CSAFPID-216017",
"CSAFPID-220889",
"CSAFPID-220918",
"CSAFPID-90020",
"CSAFPID-90015",
"CSAFPID-220133",
"CSAFPID-220561",
"CSAFPID-90021",
"CSAFPID-220881",
"CSAFPID-220910",
"CSAFPID-220324",
"CSAFPID-224796",
"CSAFPID-224795",
"CSAFPID-220326",
"CSAFPID-764734",
"CSAFPID-220167",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-764735",
"CSAFPID-764736",
"CSAFPID-764737",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1265",
"CSAFPID-704412",
"CSAFPID-704411",
"CSAFPID-704410",
"CSAFPID-219803",
"CSAFPID-375182",
"CSAFPID-342803",
"CSAFPID-1266",
"CSAFPID-224791",
"CSAFPID-764738",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-391501",
"CSAFPID-440102",
"CSAFPID-41516",
"CSAFPID-41515",
"CSAFPID-45181",
"CSAFPID-45186",
"CSAFPID-45185",
"CSAFPID-90018",
"CSAFPID-94290",
"CSAFPID-260394",
"CSAFPID-94292",
"CSAFPID-218028",
"CSAFPID-493443",
"CSAFPID-90019",
"CSAFPID-90016",
"CSAFPID-93777",
"CSAFPID-93772",
"CSAFPID-93629",
"CSAFPID-45192",
"CSAFPID-608630",
"CSAFPID-40292",
"CSAFPID-40291",
"CSAFPID-93628",
"CSAFPID-764780",
"CSAFPID-764781",
"CSAFPID-93775",
"CSAFPID-93774",
"CSAFPID-764782",
"CSAFPID-1261",
"CSAFPID-204563",
"CSAFPID-8984",
"CSAFPID-220548",
"CSAFPID-608629",
"CSAFPID-93784",
"CSAFPID-41111",
"CSAFPID-1685",
"CSAFPID-493445",
"CSAFPID-294401",
"CSAFPID-220547",
"CSAFPID-764824",
"CSAFPID-220459",
"CSAFPID-764825",
"CSAFPID-93635",
"CSAFPID-503534",
"CSAFPID-503493",
"CSAFPID-493444",
"CSAFPID-93633",
"CSAFPID-260395",
"CSAFPID-260393",
"CSAFPID-220468",
"CSAFPID-93636",
"CSAFPID-93634",
"CSAFPID-589926",
"CSAFPID-179780",
"CSAFPID-589925",
"CSAFPID-179779",
"CSAFPID-764826",
"CSAFPID-764827",
"CSAFPID-764828",
"CSAFPID-764829",
"CSAFPID-764830",
"CSAFPID-220190",
"CSAFPID-220189",
"CSAFPID-764833",
"CSAFPID-41183",
"CSAFPID-764834",
"CSAFPID-234306",
"CSAFPID-764835",
"CSAFPID-226017",
"CSAFPID-816765",
"CSAFPID-816766",
"CSAFPID-816767",
"CSAFPID-816768",
"CSAFPID-816769",
"CSAFPID-816770",
"CSAFPID-816771",
"CSAFPID-816772",
"CSAFPID-816773",
"CSAFPID-816774",
"CSAFPID-816775",
"CSAFPID-816346",
"CSAFPID-816776",
"CSAFPID-816348",
"CSAFPID-816777",
"CSAFPID-816347",
"CSAFPID-816778",
"CSAFPID-816779",
"CSAFPID-816349",
"CSAFPID-816780",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-816783",
"CSAFPID-816784",
"CSAFPID-816785",
"CSAFPID-816353",
"CSAFPID-816786",
"CSAFPID-816787",
"CSAFPID-816788",
"CSAFPID-816352",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-816791",
"CSAFPID-816793",
"CSAFPID-816794",
"CSAFPID-816350",
"CSAFPID-816351",
"CSAFPID-816354",
"CSAFPID-816355",
"CSAFPID-816795",
"CSAFPID-816359",
"CSAFPID-816796",
"CSAFPID-816358",
"CSAFPID-816797",
"CSAFPID-816357",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912077",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-912078",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-765242",
"CSAFPID-912558",
"CSAFPID-912073",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-37533",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-219776",
"CSAFPID-345038",
"CSAFPID-219909",
"CSAFPID-204622",
"CSAFPID-345039",
"CSAFPID-764237",
"CSAFPID-220558",
"CSAFPID-764238",
"CSAFPID-764239",
"CSAFPID-614513",
"CSAFPID-643776",
"CSAFPID-611387",
"CSAFPID-618156",
"CSAFPID-614516",
"CSAFPID-614515",
"CSAFPID-614514",
"CSAFPID-764240",
"CSAFPID-94291",
"CSAFPID-611401",
"CSAFPID-614517",
"CSAFPID-764241",
"CSAFPID-40293",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-764243",
"CSAFPID-611406",
"CSAFPID-342804",
"CSAFPID-611408",
"CSAFPID-611407",
"CSAFPID-764247",
"CSAFPID-764248",
"CSAFPID-611595",
"CSAFPID-764249",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-240600",
"CSAFPID-220057",
"CSAFPID-220055",
"CSAFPID-220909",
"CSAFPID-45184",
"CSAFPID-45182",
"CSAFPID-220559",
"CSAFPID-220327",
"CSAFPID-220325",
"CSAFPID-219838",
"CSAFPID-220056",
"CSAFPID-223511",
"CSAFPID-216017",
"CSAFPID-220889",
"CSAFPID-220918",
"CSAFPID-90020",
"CSAFPID-90015",
"CSAFPID-220133",
"CSAFPID-220561",
"CSAFPID-90021",
"CSAFPID-220881",
"CSAFPID-220910",
"CSAFPID-220324",
"CSAFPID-224796",
"CSAFPID-224795",
"CSAFPID-220326",
"CSAFPID-764734",
"CSAFPID-220167",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-764735",
"CSAFPID-764736",
"CSAFPID-764737",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1265",
"CSAFPID-704412",
"CSAFPID-704411",
"CSAFPID-704410",
"CSAFPID-219803",
"CSAFPID-375182",
"CSAFPID-342803",
"CSAFPID-1266",
"CSAFPID-224791",
"CSAFPID-764738",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-391501",
"CSAFPID-440102",
"CSAFPID-41516",
"CSAFPID-41515",
"CSAFPID-45181",
"CSAFPID-45186",
"CSAFPID-45185",
"CSAFPID-90018",
"CSAFPID-94290",
"CSAFPID-260394",
"CSAFPID-94292",
"CSAFPID-218028",
"CSAFPID-493443",
"CSAFPID-90019",
"CSAFPID-90016",
"CSAFPID-93777",
"CSAFPID-93772",
"CSAFPID-93629",
"CSAFPID-45192",
"CSAFPID-608630",
"CSAFPID-40292",
"CSAFPID-40291",
"CSAFPID-93628",
"CSAFPID-764780",
"CSAFPID-764781",
"CSAFPID-93775",
"CSAFPID-93774",
"CSAFPID-764782",
"CSAFPID-1261",
"CSAFPID-204563",
"CSAFPID-8984",
"CSAFPID-220548",
"CSAFPID-608629",
"CSAFPID-93784",
"CSAFPID-41111",
"CSAFPID-1685",
"CSAFPID-493445",
"CSAFPID-294401",
"CSAFPID-220547",
"CSAFPID-764824",
"CSAFPID-220459",
"CSAFPID-764825",
"CSAFPID-93635",
"CSAFPID-503534",
"CSAFPID-503493",
"CSAFPID-493444",
"CSAFPID-93633",
"CSAFPID-260395",
"CSAFPID-260393",
"CSAFPID-220468",
"CSAFPID-93636",
"CSAFPID-93634",
"CSAFPID-589926",
"CSAFPID-179780",
"CSAFPID-589925",
"CSAFPID-179779",
"CSAFPID-764826",
"CSAFPID-764827",
"CSAFPID-764828",
"CSAFPID-764829",
"CSAFPID-764830",
"CSAFPID-220190",
"CSAFPID-220189",
"CSAFPID-764833",
"CSAFPID-41183",
"CSAFPID-764834",
"CSAFPID-234306",
"CSAFPID-764835",
"CSAFPID-226017",
"CSAFPID-816765",
"CSAFPID-816766",
"CSAFPID-816767",
"CSAFPID-816768",
"CSAFPID-816769",
"CSAFPID-816770",
"CSAFPID-816771",
"CSAFPID-816772",
"CSAFPID-816773",
"CSAFPID-816774",
"CSAFPID-816775",
"CSAFPID-816346",
"CSAFPID-816776",
"CSAFPID-816348",
"CSAFPID-816777",
"CSAFPID-816347",
"CSAFPID-816778",
"CSAFPID-816779",
"CSAFPID-816349",
"CSAFPID-816780",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-816783",
"CSAFPID-816784",
"CSAFPID-816785",
"CSAFPID-816353",
"CSAFPID-816786",
"CSAFPID-816787",
"CSAFPID-816788",
"CSAFPID-816352",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-816791",
"CSAFPID-816793",
"CSAFPID-816794",
"CSAFPID-816350",
"CSAFPID-816351",
"CSAFPID-816354",
"CSAFPID-816355",
"CSAFPID-816795",
"CSAFPID-816359",
"CSAFPID-816796",
"CSAFPID-816358",
"CSAFPID-816797",
"CSAFPID-816357",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912077",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-912078",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-765242",
"CSAFPID-912558",
"CSAFPID-912073",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
}
],
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2022-34381",
"cwe": {
"id": "CWE-1329",
"name": "Reliance on Component That is Not Updateable"
},
"notes": [
{
"category": "other",
"text": "Reliance on Component That is Not Updateable",
"title": "CWE-1329"
}
],
"product_status": {
"known_affected": [
"CSAFPID-219776",
"CSAFPID-912073",
"CSAFPID-219826",
"CSAFPID-8984",
"CSAFPID-204569",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-912539",
"CSAFPID-816773",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-912545",
"CSAFPID-764240",
"CSAFPID-912546",
"CSAFPID-614517",
"CSAFPID-912547",
"CSAFPID-224795",
"CSAFPID-912548",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912553",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-342804",
"CSAFPID-912080",
"CSAFPID-912554",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-912557",
"CSAFPID-765242",
"CSAFPID-912558",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-34381",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34381.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-219776",
"CSAFPID-912073",
"CSAFPID-219826",
"CSAFPID-8984",
"CSAFPID-204569",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-912539",
"CSAFPID-816773",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-912545",
"CSAFPID-764240",
"CSAFPID-912546",
"CSAFPID-614517",
"CSAFPID-912547",
"CSAFPID-224795",
"CSAFPID-912548",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912553",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-342804",
"CSAFPID-912080",
"CSAFPID-912554",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-912557",
"CSAFPID-765242",
"CSAFPID-912558",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
}
],
"title": "CVE-2022-34381"
},
{
"cve": "CVE-2023-5981",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Discrepancy",
"title": "CWE-203"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5981",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5981.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
}
],
"title": "CVE-2023-5981"
},
{
"cve": "CVE-2023-29081",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-912539",
"CSAFPID-816773",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-912545",
"CSAFPID-764240",
"CSAFPID-912546",
"CSAFPID-614517",
"CSAFPID-912547",
"CSAFPID-224795",
"CSAFPID-912548",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912553",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-342804",
"CSAFPID-912080",
"CSAFPID-912554",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-765242",
"CSAFPID-912073",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-29081",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29081.json"
}
],
"title": "CVE-2023-29081"
},
{
"cve": "CVE-2023-35116",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-40293",
"CSAFPID-94291",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-220558",
"CSAFPID-221118",
"CSAFPID-224790",
"CSAFPID-240600",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611401",
"CSAFPID-611406",
"CSAFPID-611407",
"CSAFPID-611408",
"CSAFPID-611413",
"CSAFPID-611595",
"CSAFPID-614513",
"CSAFPID-614514",
"CSAFPID-614515",
"CSAFPID-614516",
"CSAFPID-614517",
"CSAFPID-618156",
"CSAFPID-643776",
"CSAFPID-764237",
"CSAFPID-764238",
"CSAFPID-764239",
"CSAFPID-764240",
"CSAFPID-764241",
"CSAFPID-764242",
"CSAFPID-764243",
"CSAFPID-764247",
"CSAFPID-764248",
"CSAFPID-764249",
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-816348",
"CSAFPID-816773",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-35116",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-35116.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-40293",
"CSAFPID-94291",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-220558",
"CSAFPID-221118",
"CSAFPID-224790",
"CSAFPID-240600",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611401",
"CSAFPID-611406",
"CSAFPID-611407",
"CSAFPID-611408",
"CSAFPID-611413",
"CSAFPID-611595",
"CSAFPID-614513",
"CSAFPID-614514",
"CSAFPID-614515",
"CSAFPID-614516",
"CSAFPID-614517",
"CSAFPID-618156",
"CSAFPID-643776",
"CSAFPID-764237",
"CSAFPID-764238",
"CSAFPID-764239",
"CSAFPID-764240",
"CSAFPID-764241",
"CSAFPID-764242",
"CSAFPID-764243",
"CSAFPID-764247",
"CSAFPID-764248",
"CSAFPID-764249",
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-816348",
"CSAFPID-816773",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
}
],
"title": "CVE-2023-35116"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-219838",
"CSAFPID-611387",
"CSAFPID-94291",
"CSAFPID-342804",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1261",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-219803",
"CSAFPID-611595",
"CSAFPID-342803",
"CSAFPID-204563",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-240600",
"CSAFPID-8984",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1265",
"CSAFPID-1266",
"CSAFPID-40293",
"CSAFPID-611413",
"CSAFPID-614517",
"CSAFPID-816346",
"CSAFPID-816347",
"CSAFPID-816348",
"CSAFPID-816349",
"CSAFPID-816350",
"CSAFPID-816351",
"CSAFPID-816352",
"CSAFPID-816353",
"CSAFPID-816354",
"CSAFPID-816355",
"CSAFPID-816357",
"CSAFPID-816358",
"CSAFPID-816359",
"CSAFPID-912069",
"CSAFPID-912077",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-764242",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764738",
"CSAFPID-816765",
"CSAFPID-816766",
"CSAFPID-816767",
"CSAFPID-816768",
"CSAFPID-816769",
"CSAFPID-816770",
"CSAFPID-816771",
"CSAFPID-816772",
"CSAFPID-816773",
"CSAFPID-816774",
"CSAFPID-816775",
"CSAFPID-816776",
"CSAFPID-816777",
"CSAFPID-816778",
"CSAFPID-816779",
"CSAFPID-816780",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-816783",
"CSAFPID-816784",
"CSAFPID-816785",
"CSAFPID-816786",
"CSAFPID-816787",
"CSAFPID-816788",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-816791",
"CSAFPID-816793",
"CSAFPID-816794",
"CSAFPID-816795",
"CSAFPID-816796",
"CSAFPID-816797",
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-764237",
"CSAFPID-764240",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-1503598",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46218",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611413",
"CSAFPID-614517",
"CSAFPID-764237",
"CSAFPID-764240",
"CSAFPID-764242",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-816348",
"CSAFPID-816773",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46218",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46218.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611413",
"CSAFPID-614517",
"CSAFPID-764237",
"CSAFPID-764240",
"CSAFPID-764242",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-816348",
"CSAFPID-816773",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
}
],
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816765",
"CSAFPID-816766",
"CSAFPID-816767",
"CSAFPID-816768",
"CSAFPID-816769",
"CSAFPID-816770",
"CSAFPID-816771",
"CSAFPID-816772",
"CSAFPID-219838",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-816774",
"CSAFPID-816775",
"CSAFPID-816346",
"CSAFPID-816776",
"CSAFPID-816348",
"CSAFPID-816777",
"CSAFPID-816347",
"CSAFPID-94291",
"CSAFPID-816778",
"CSAFPID-614517",
"CSAFPID-816779",
"CSAFPID-816349",
"CSAFPID-40293",
"CSAFPID-764242",
"CSAFPID-816780",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-816783",
"CSAFPID-816784",
"CSAFPID-816785",
"CSAFPID-816353",
"CSAFPID-816786",
"CSAFPID-816352",
"CSAFPID-342804",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1265",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-219803",
"CSAFPID-816351",
"CSAFPID-611595",
"CSAFPID-342803",
"CSAFPID-1266",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-90016",
"CSAFPID-764826",
"CSAFPID-345038",
"CSAFPID-912079",
"CSAFPID-220132",
"CSAFPID-93781",
"CSAFPID-345039",
"CSAFPID-912080",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-764240",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-224795",
"CSAFPID-912548",
"CSAFPID-611413",
"CSAFPID-8984",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-240600",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-816357",
"CSAFPID-816358",
"CSAFPID-816359",
"CSAFPID-816787",
"CSAFPID-816788",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-816791",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-816793",
"CSAFPID-816794",
"CSAFPID-816795",
"CSAFPID-816796",
"CSAFPID-816797",
"CSAFPID-764739",
"CSAFPID-765242",
"CSAFPID-912073",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816765",
"CSAFPID-816766",
"CSAFPID-816767",
"CSAFPID-816768",
"CSAFPID-816769",
"CSAFPID-816770",
"CSAFPID-816771",
"CSAFPID-816772",
"CSAFPID-219838",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-816774",
"CSAFPID-816775",
"CSAFPID-816346",
"CSAFPID-816776",
"CSAFPID-816348",
"CSAFPID-816777",
"CSAFPID-816347",
"CSAFPID-94291",
"CSAFPID-816778",
"CSAFPID-614517",
"CSAFPID-816779",
"CSAFPID-816349",
"CSAFPID-40293",
"CSAFPID-764242",
"CSAFPID-816780",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-816783",
"CSAFPID-816784",
"CSAFPID-816785",
"CSAFPID-816353",
"CSAFPID-816786",
"CSAFPID-816352",
"CSAFPID-342804",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1265",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-219803",
"CSAFPID-816351",
"CSAFPID-611595",
"CSAFPID-342803",
"CSAFPID-1266",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-90016",
"CSAFPID-764826",
"CSAFPID-345038",
"CSAFPID-912079",
"CSAFPID-220132",
"CSAFPID-93781",
"CSAFPID-345039",
"CSAFPID-912080",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-764240",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-224795",
"CSAFPID-912548",
"CSAFPID-611413",
"CSAFPID-8984",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-240600",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-816357",
"CSAFPID-816358",
"CSAFPID-816359",
"CSAFPID-816787",
"CSAFPID-816788",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-816791",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-816793",
"CSAFPID-816794",
"CSAFPID-816795",
"CSAFPID-816796",
"CSAFPID-816797",
"CSAFPID-764739",
"CSAFPID-765242",
"CSAFPID-912073",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2024-0232",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0232",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json"
}
],
"title": "CVE-2024-0232"
},
{
"cve": "CVE-2024-22257",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764237",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-764240",
"CSAFPID-614517",
"CSAFPID-224795",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-342804",
"CSAFPID-912080",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-219776",
"CSAFPID-765242",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-912073",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22257",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-764237",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-764240",
"CSAFPID-614517",
"CSAFPID-224795",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-342804",
"CSAFPID-912080",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-219776",
"CSAFPID-765242",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-912073",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
}
],
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23807",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23807",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
}
],
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-27316",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27316",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27316.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
}
],
"title": "CVE-2024-27316"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-29133",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29133",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json"
}
],
"title": "CVE-2024-29133"
}
]
}
NCSC-2024-0294
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:52 - Updated: 2024-07-17 13:52Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Er zijn kwetsbaarheden verholpen in Oracle Communications.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans: medium
Schade: high
CWE-681: Incorrect Conversion between Numeric Types
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-918: Server-Side Request Forgery (SSRF)
CWE-192: Integer Coercion Error
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-222: Truncation of Security-relevant Information
CWE-284: Improper Access Control
CWE-295: Improper Certificate Validation
CWE-345: Insufficient Verification of Data Authenticity
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-390: Detection of Error Condition Without Action
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-405: Asymmetric Resource Consumption (Amplification)
CWE-416: Use After Free
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-450: Multiple Interpretations of UI Input
CWE-459: Incomplete Cleanup
CWE-476: NULL Pointer Dereference
CWE-502: Deserialization of Untrusted Data
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-502
- Deserialization of Untrusted Data
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*
|
— | |
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
CWE-22
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*
|
— | |
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*
|
— | |
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
CWE-192
- Integer Coercion Error
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*
|
— | |
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
6.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.4 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
8.2 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.4 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
CWE-770
- Allocation of Resources Without Limits or Throttling
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
References
80 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Communications.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Multiple Interpretations of UI Input",
"title": "CWE-450"
},
{
"category": "general",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48174"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37920"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0450"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22257"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22262"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23672"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23807"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24549"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26130"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2961"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34064"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34069"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications",
"tracking": {
"current_release_date": "2024-07-17T13:52:53.293003Z",
"id": "NCSC-2024-0294",
"initial_release_date": "2024-07-17T13:52:53.293003Z",
"revision_history": [
{
"date": "2024-07-17T13:52:53.293003Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "communications_asap",
"product": {
"name": "communications_asap",
"product_id": "CSAFPID-204629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_asap",
"product": {
"name": "communications_asap",
"product_id": "CSAFPID-816792",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-10086",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-10086.json"
}
],
"title": "CVE-2019-10086"
},
{
"cve": "CVE-2021-29425",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29425.json"
}
],
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-37533",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-41184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-204629",
"CSAFPID-816792"
]
}
],
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2022-34169",
"cwe": {
"id": "CWE-192",
"name": "Integer Coercion Error"
},
"notes": [
{
"category": "other",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "other",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-34169",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json"
}
],
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-36033",
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-36033",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-42890",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-42890",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42890.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-48174",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48174",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-48174"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5685",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-5685"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-24998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-33201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-37920",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-37920",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-37920"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51775",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-51775",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-0450",
"cwe": {
"id": "CWE-450",
"name": "Multiple Interpretations of UI Input"
},
"notes": [
{
"category": "other",
"text": "Multiple Interpretations of UI Input",
"title": "CWE-450"
},
{
"category": "other",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0450",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2961",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-6162",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6162",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-6162"
},
{
"cve": "CVE-2024-22019",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22019",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22019.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22019"
},
{
"cve": "CVE-2024-22201",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22234",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22234",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22234"
},
{
"cve": "CVE-2024-22257",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22257",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23672",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23672",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-23807",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23807",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-23897",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23897",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23897.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23897"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25710",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26130",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26130",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26308",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26308",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-27316",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27316",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27316.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-27316"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28752",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28752",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28752.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28752"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28849",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-34064",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34064",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-34069",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34069",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34069.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-34069"
}
]
}
NCSC-2024-0296
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:53 - Updated: 2024-07-17 13:53Summary
Kwetsbaarheden verholpen in Oracle Enterprise Manager
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Er zijn kwetsbaarheden verholpen in Oracle Enterprise Manager.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans: medium
Schade: high
CWE-130: Improper Handling of Length Parameter Inconsistency
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-222: Truncation of Security-relevant Information
CWE-404: Improper Resource Shutdown or Release
CWE-674: Uncontrolled Recursion
7.5 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
application_testing_suite
oracle
|
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_ops_center
oracle
|
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_for_peoplesoft
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_for_exadata
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_exadata:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_for_fusion_middleware
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:_agent_next_gen___13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:_extensibility_framework___13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_for_virtualization
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.5.0.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
enterprise_manager_for_exadata
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_exadata:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_for_fusion_middleware
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_for_virtualization
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
application_testing_suite
oracle
|
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_ops_center
oracle
|
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_for_peoplesoft
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:_agent_next_gen___13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:_extensibility_framework___13.5.0.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
enterprise_manager_for_fusion_middleware
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_for_virtualization
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
application_testing_suite
oracle
|
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_ops_center
oracle
|
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_for_peoplesoft
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:_agent_next_gen___13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:_extensibility_framework___13.5.0.0:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
application_testing_suite
oracle
|
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_ops_center
oracle
|
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_for_fusion_middleware
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_for_virtualization
oracle
|
cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:_agent_next_gen___13.5.0.0:*:*:*:*:*:*:*
|
— | |
|
enterprise_manager_base_platform
oracle
|
cpe:2.3:a:oracle:enterprise_manager_base_platform:_extensibility_framework___13.5.0.0:*:*:*:*:*:*:*
|
— |
References
9 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Enterprise Manager.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Enterprise Manager",
"tracking": {
"current_release_date": "2024-07-17T13:53:28.440252Z",
"id": "NCSC-2024-0296",
"initial_release_date": "2024-07-17T13:53:28.440252Z",
"revision_history": [
{
"date": "2024-07-17T13:53:28.440252Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "application_testing_suite",
"product": {
"name": "application_testing_suite",
"product_id": "CSAFPID-5546",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "enterprise_manager_base_platform",
"product": {
"name": "enterprise_manager_base_platform",
"product_id": "CSAFPID-816810",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:_agent_next_gen___13.5.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "enterprise_manager_base_platform",
"product": {
"name": "enterprise_manager_base_platform",
"product_id": "CSAFPID-816811",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:_extensibility_framework___13.5.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "enterprise_manager_base_platform",
"product": {
"name": "enterprise_manager_base_platform",
"product_id": "CSAFPID-135360",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "enterprise_manager_base_platform",
"product": {
"name": "enterprise_manager_base_platform",
"product_id": "CSAFPID-179794",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "enterprise_manager_for_exadata",
"product": {
"name": "enterprise_manager_for_exadata",
"product_id": "CSAFPID-577246",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:enterprise_manager_for_exadata:13.5.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "enterprise_manager_for_fusion_middleware",
"product": {
"name": "enterprise_manager_for_fusion_middleware",
"product_id": "CSAFPID-220465",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.5.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "enterprise_manager_for_peoplesoft",
"product": {
"name": "enterprise_manager_for_peoplesoft",
"product_id": "CSAFPID-204465",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "enterprise_manager_for_virtualization",
"product": {
"name": "enterprise_manager_for_virtualization",
"product_id": "CSAFPID-611588",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.5.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "enterprise_manager_ops_center",
"product": {
"name": "enterprise_manager_ops_center",
"product_id": "CSAFPID-9557",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-5546",
"CSAFPID-179794",
"CSAFPID-9557",
"CSAFPID-204465",
"CSAFPID-577246",
"CSAFPID-220465",
"CSAFPID-135360",
"CSAFPID-816810",
"CSAFPID-816811",
"CSAFPID-611588"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-37533",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-5546",
"CSAFPID-179794",
"CSAFPID-9557",
"CSAFPID-204465",
"CSAFPID-577246",
"CSAFPID-220465",
"CSAFPID-135360",
"CSAFPID-816810",
"CSAFPID-816811",
"CSAFPID-611588"
]
}
],
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-577246",
"CSAFPID-220465",
"CSAFPID-611588",
"CSAFPID-5546",
"CSAFPID-9557",
"CSAFPID-179794",
"CSAFPID-204465",
"CSAFPID-816810",
"CSAFPID-816811"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-1370",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-1370.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-577246",
"CSAFPID-220465",
"CSAFPID-611588",
"CSAFPID-5546",
"CSAFPID-9557",
"CSAFPID-179794",
"CSAFPID-204465",
"CSAFPID-816810",
"CSAFPID-816811"
]
}
],
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2023-40167",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220465",
"CSAFPID-611588",
"CSAFPID-5546",
"CSAFPID-9557",
"CSAFPID-179794",
"CSAFPID-204465",
"CSAFPID-816810",
"CSAFPID-816811"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-40167",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40167.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-220465",
"CSAFPID-611588",
"CSAFPID-5546",
"CSAFPID-9557",
"CSAFPID-179794",
"CSAFPID-204465",
"CSAFPID-816810",
"CSAFPID-816811"
]
}
],
"title": "CVE-2023-40167"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
}
],
"product_status": {
"known_affected": [
"CSAFPID-179794",
"CSAFPID-5546",
"CSAFPID-9557",
"CSAFPID-220465",
"CSAFPID-611588",
"CSAFPID-816810",
"CSAFPID-816811"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-179794",
"CSAFPID-5546",
"CSAFPID-9557",
"CSAFPID-220465",
"CSAFPID-611588",
"CSAFPID-816810",
"CSAFPID-816811"
]
}
],
"title": "CVE-2023-48795"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…