Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-28895 (GCVE-0-2020-28895)
Vulnerability from cvelistv5 – Published: 2021-02-03 15:16 – Updated: 2024-08-04 16:41
VLAI
EPSS
Title
integer overflow in calloc
Summary
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Severity
7.3 (High)
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support2.windriver.com/index.php?page=def… | x_refsource_MISC |
| https://support2.windriver.com/index.php?page=cve… | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Date Public
2020-12-14 00:00
Credits
Reported by Omri Ben Bassat <v-obenbassat@microsoft.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:41:00.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Omri Ben Bassat \u003cv-obenbassat@microsoft.com\u003e"
}
],
"datePublic": "2020-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:22:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "integer overflow in calloc",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28895",
"STATE": "PUBLIC",
"TITLE": "integer overflow in calloc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Omri Ben Bassat \u003cv-obenbassat@microsoft.com\u003e"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"name": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28895",
"datePublished": "2021-02-03T15:16:34.000Z",
"dateReserved": "2020-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:41:00.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-28895",
"date": "2026-06-19",
"epss": "0.01475",
"percentile": "0.70442"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-28895\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-02-03T16:15:13.633\",\"lastModified\":\"2024-11-21T05:23:14.430\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.\"},{\"lang\":\"es\",\"value\":\"En Wind River VxWorks, el asignador de memoria presenta un posible desbordamiento en el calculo del tama\u00f1o del bloque de memoria que se asignar\u00e1 por medio de la funci\u00f3n calloc().\u0026#xa0;Como resultado, la memoria real asignada es menor que el tama\u00f1o del b\u00fafer especificado por los argumentos, conllevando a una corrupci\u00f3n en la memoria\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.9.4.12\",\"matchCriteriaId\":\"2E27E761-92D8-4A67-8D23-213E0C7BFFC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"69674D4D-2848-46BA-9367-7AA85EE2CD99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1052B8F5-1BC4-46B6-A8F1-F1BF9A40DDAF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"46.8.0\",\"versionEndIncluding\":\"48.6.2\",\"matchCriteriaId\":\"1507EFE2-DA83-42D7-B075-91EE060B6B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"46.9.1\",\"versionEndIncluding\":\"46.9.3\",\"matchCriteriaId\":\"4143A5F6-CD91-4209-A52B-98854CCAC987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle:46.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FED9166-7A2A-453D-9792-7A6361CEF594\"}]}]}],\"references\":[{\"url\":\"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2023-AVI-0297
Vulnerability from certfr_avis - Published: 2023-04-11 - Updated: 2023-04-11
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Modicon M580 NOC Control (BMENOC0321) versions antérieures à 1.8 | ||
| Schneider Electric | N/A | PacDrive 3 Controllers LMC | ||
| Schneider Electric | N/A | Easergy Builder installer versions antérieures à V1.7.24 | ||
| Schneider Electric | N/A | Modicon Controller LMC058 | ||
| Schneider Electric | N/A | Modicon Controller M258 | ||
| Schneider Electric | N/A | Eco/Pro/Pro2 | ||
| Schneider Electric | N/A | Modicon M580 versions antérieures à SV4.10 | ||
| Schneider Electric | Modicon M340 | Modicon Modicon M340 CPU (part numbers BMXP34*) versions antérieures à SV3.51 | ||
| Schneider Electric | N/A | Modicon Controller M262 | ||
| Schneider Electric | N/A | PacDrive Controller LMC078 | ||
| Schneider Electric | N/A | Modicon Controller M241 | ||
| Schneider Electric | N/A | InsightHome, InsightFacility et Conext Gateway versions antérieures à 1.17 Build 079 | ||
| Schneider Electric | N/A | EcoStruxure Control Expert versions antérieures à V15.3 | ||
| Schneider Electric | N/A | Schneider Electric Easy UPS Online versions antérieures à 2.6-GS | ||
| Schneider Electric | N/A | Modicon Controller M218 | ||
| Schneider Electric | N/A | HMISCU Controller | ||
| Schneider Electric | N/A | Modicon Controller M251 | ||
| Schneider Electric | N/A | Easy Harmony ET6 (HMIET Series) et Easy Harmony GXU (HMIGXU Series) avec Vijeo Designer Basic versions antérieures à V1.2.1 Hotfix 4 | ||
| Schneider Electric | N/A | APC Easy UPS Online Monitoring versions antérieures à 2.6-GA | ||
| Schneider Electric | N/A | Modicon M580 Ethernet Communication Modules (BMENOC0301 et BMENOC0311) versions antérieures à SV2.21 | ||
| Schneider Electric | Modicon M340 | Modicon M340 CPU versions antérieures à SV3.51 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon M580 NOC Control (BMENOC0321) versions ant\u00e9rieures \u00e0 1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PacDrive 3 Controllers LMC",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easergy Builder installer versions ant\u00e9rieures \u00e0 V1.7.24",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller LMC058",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M258",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Eco/Pro/Pro2",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 versions ant\u00e9rieures \u00e0 SV4.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Modicon M340 CPU (part numbers BMXP34*) versions ant\u00e9rieures \u00e0 SV3.51",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M262",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PacDrive Controller LMC078",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M241",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "InsightHome, InsightFacility et Conext Gateway versions ant\u00e9rieures \u00e0 1.17 Build 079",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 V15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric Easy UPS Online versions ant\u00e9rieures \u00e0 2.6-GS",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M218",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISCU Controller",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M251",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easy Harmony ET6 (HMIET Series) et Easy Harmony GXU (HMIGXU Series) avec Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.2.1 Hotfix 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "APC Easy UPS Online Monitoring versions ant\u00e9rieures \u00e0 2.6-GA",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 Ethernet Communication Modules (BMENOC0301 et BMENOC0311) versions ant\u00e9rieures \u00e0 SV2.21",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 CPU versions ant\u00e9rieures \u00e0 SV3.51",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-29413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29413"
},
{
"name": "CVE-2023-29410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29410"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-4046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4046"
},
{
"name": "CVE-2023-29412",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29412"
},
{
"name": "CVE-2023-27976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27976"
},
{
"name": "CVE-2022-34755",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34755"
},
{
"name": "CVE-2023-25620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25620"
},
{
"name": "CVE-2023-1548",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1548"
},
{
"name": "CVE-2023-29411",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29411"
},
{
"name": "CVE-2023-28355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28355"
},
{
"name": "CVE-2023-25619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25619"
},
{
"name": "CVE-2022-45788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45788"
},
{
"name": "CVE-2022-4224",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4224"
},
{
"name": "CVE-2021-29241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29241"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
}
],
"initial_release_date": "2023-04-11T00:00:00",
"last_revision_date": "2023-04-11T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0297",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-011-06 du 11 janvier 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-011-06_CODESYSV3_Runtime_Development_System_and_Gateway_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-05 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-06 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-06.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-04 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-02 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-02.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-03 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-03.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-01 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-01.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-010-05 du 10 janvier 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf"
}
]
}
CERTFR-2023-AVI-0298
Vulnerability from certfr_avis - Published: 2023-04-11 - Updated: 2023-04-11
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Solid Edge SE2023 avec KeyShot 11 versions antérieures à V2023.1 | ||
| Siemens | N/A | TIA Portal V18 versions antérieures à V18 Update 1 | ||
| Siemens | N/A | TeleControl Server Basic V3 | ||
| Siemens | N/A | Polarion ALM versions antérieures à V2304.0 | ||
| Siemens | N/A | CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05 | ||
| Siemens | N/A | TIA Portal V15, V16 et V17 | ||
| Siemens | N/A | JT2Go versions antérieures à V14.2.0.2 | ||
| Siemens | N/A | De nombreuses références SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se référer aux bulletins de sécurité de l'éditeur pour la liste complète | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU family | ||
| Siemens | N/A | Teamcenter Visualization V13.2 versions antérieures à V13.2.0.13 | ||
| Siemens | N/A | Mendix Forgot Password (Mendix 8 compatible) versions antérieures à V4.1.1 | ||
| Siemens | N/A | Mendix Forgot Password (Mendix 9 compatible) versions antérieures à V5.1.1 | ||
| Siemens | N/A | SIMATIC CP 443-1 Advanced versions antérieures à V3.2.17 | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced versions antérieures à V3.0.53 | ||
| Siemens | N/A | Teamcenter Visualization V14.0 versions antérieures à V14.0.0.5 | ||
| Siemens | N/A | SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à V2.2 | ||
| Siemens | N/A | JT Open versions antérieures à V11.3.2.0 | ||
| Siemens | N/A | Teamcenter Visualization V14.2 versions antérieures à V14.2.0.2 | ||
| Siemens | N/A | Mendix Forgot Password (Mendix 7 compatible) versions antérieures à V3.7.1 | ||
| Siemens | N/A | JT Utilities versions antérieures à V13.3.0.0 | ||
| Siemens | N/A | Teamcenter Visualization V13.3 versions antérieures à V13.3.0.9 | ||
| Siemens | N/A | OpenPCS 7 V9.1 | ||
| Siemens | N/A | SIMATIC S7-300 CPU family versions antérieures à V3.X.18 | ||
| Siemens | N/A | Teamcenter Visualization V14.1 versions antérieures à V14.1.0.7 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Solid Edge SE2023 avec KeyShot 11 versions ant\u00e9rieures \u00e0 V2023.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V18 versions ant\u00e9rieures \u00e0 V18 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TeleControl Server Basic V3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Polarion ALM versions ant\u00e9rieures \u00e0 V2304.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V15, V16 et V17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go versions ant\u00e9rieures \u00e0 V14.2.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "De nombreuses r\u00e9f\u00e9rences SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU family",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.2 versions ant\u00e9rieures \u00e0 V13.2.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Forgot Password (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V4.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Forgot Password (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 V5.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 Advanced versions ant\u00e9rieures \u00e0 V3.2.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced versions ant\u00e9rieures \u00e0 V3.0.53",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.0 versions ant\u00e9rieures \u00e0 V14.0.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Open versions ant\u00e9rieures \u00e0 V11.3.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.2 versions ant\u00e9rieures \u00e0 V14.2.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Forgot Password (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V3.7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Utilities versions ant\u00e9rieures \u00e0 V13.3.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 CPU family versions ant\u00e9rieures \u00e0 V3.X.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.1 versions ant\u00e9rieures \u00e0 V14.1.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2023-28828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28828"
},
{
"name": "CVE-2016-8673",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8673"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2023-28766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28766"
},
{
"name": "CVE-2021-27044",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27044"
},
{
"name": "CVE-2022-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2023-29053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29053"
},
{
"name": "CVE-2023-28489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28489"
},
{
"name": "CVE-2022-43767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43767"
},
{
"name": "CVE-2022-44725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44725"
},
{
"name": "CVE-2023-29054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29054"
},
{
"name": "CVE-2023-23588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23588"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2016-8672",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8672"
},
{
"name": "CVE-2023-26293",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26293"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-43716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43716"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2022-43768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43768"
},
{
"name": "CVE-2023-27464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27464"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2023-1709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1709"
},
{
"name": "CVE-2022-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
}
],
"initial_release_date": "2023-04-11T00:00:00",
"last_revision_date": "2023-04-11T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0298",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-699404 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-699404.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-479249 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-479249.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-572164 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-572164.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-691715 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-691715.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-511182 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-511182.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-566905 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-642810 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-642810.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-603476 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-603476.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-813746 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-813746.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-629917 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-629917.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-558014 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-558014.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-322980 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-322980.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-116924 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-116924.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-632164 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-632164.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-472454 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-472454.html"
}
]
}
CERTFR-2023-AVI-0363
Vulnerability from certfr_avis - Published: 2023-05-09 - Updated: 2023-05-09
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | OPC Factory Server (OFS) versions antérieures à V3.63SP2 | ||
| N/A | N/A | Modicon X80 Module (part number BMXNOM0200) versions antérieures à V1.60 | ||
| N/A | N/A | PowerLogic PM8000 antérieures à 4.0.0 sans le dernier correctif de sécurité | ||
| N/A | N/A | PowerLogic ION7400 antérieures à 4.0.0 sans le dernier correctif de sécurité | ||
| N/A | N/A | EcoStruxure Power Operation versions 2022 antérieures à 2022 CU1 | ||
| N/A | N/A | EcoStruxure Power Operation versions 2021 antérieures à 2021 CU3 | ||
| N/A | N/A | Produits Legacy ION toutes versions | ||
| N/A | N/A | PowerLogic ION9000 antérieures à 4.0.0 sans le dernier correctif de sécurité | ||
| N/A | N/A | Power SCADA Anywhere versions 1.1 et 1.2 antérieures à Plant SCADA Anywhere version 2023 | ||
| N/A | N/A | PowerLogic ION8650 toutes versions | ||
| N/A | N/A | Altivar 32/320 et Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions antérieures à V1.20IE01 | ||
| N/A | N/A | EcoStruxure Power SCADA Operation versions 2020 R2 | ||
| N/A | N/A | PowerLogic ION8800 toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OPC Factory Server (OFS) versions ant\u00e9rieures \u00e0 V3.63SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon X80 Module (part number BMXNOM0200) versions ant\u00e9rieures \u00e0 V1.60",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic PM8000 ant\u00e9rieures \u00e0 4.0.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION7400 ant\u00e9rieures \u00e0 4.0.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power Operation versions 2022 ant\u00e9rieures \u00e0 2022 CU1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power Operation versions 2021 ant\u00e9rieures \u00e0 2021 CU3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Produits Legacy ION toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION9000 ant\u00e9rieures \u00e0 4.0.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Power SCADA Anywhere versions 1.1 et 1.2 ant\u00e9rieures \u00e0 Plant SCADA Anywhere version 2023",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION8650 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Altivar 32/320 et Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions ant\u00e9rieures \u00e0 V1.20IE01",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power SCADA Operation versions 2020 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION8800 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-23854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23854"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-46680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46680"
},
{
"name": "CVE-2021-31401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31401"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-31400",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31400"
},
{
"name": "CVE-2023-1256",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1256"
},
{
"name": "CVE-2020-35685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35685"
},
{
"name": "CVE-2020-35683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35683"
},
{
"name": "CVE-2020-35684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35684"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2023-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2161"
}
],
"initial_release_date": "2023-05-09T00:00:00",
"last_revision_date": "2023-05-09T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0363",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-09T00:00:00.000000"
},
{
"description": "Ajout des num\u00e9ros de CVE manquants",
"revision_date": "2023-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-01 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-01.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-217-01 du 05 ao\u00fbt 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-03 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-03.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-04 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-04.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-02 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-02.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf"
}
]
}
FKIE_CVE-2020-28895
Vulnerability from fkie_nvd - Published: 2021-02-03 16:15 - Updated: 2026-06-17 03:10
Severity
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-28895 | Vendor Advisory | |
| cve@mitre.org | https://support2.windriver.com/index.php?page=defects&on=view&id=V7LIBC-1327 | Permissions Required | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-28895 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support2.windriver.com/index.php?page=defects&on=view&id=V7LIBC-1327 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| windriver | vxworks | * | |
| windriver | vxworks | 6.9.4.12 | |
| windriver | vxworks | 6.9.4.12 | |
| oracle | communications_eagle | * | |
| oracle | communications_eagle | * | |
| oracle | communications_eagle | 46.7.0 |
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E27E761-92D8-4A67-8D23-213E0C7BFFC6",
"versionEndExcluding": "6.9.4.12",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*",
"matchCriteriaId": "69674D4D-2848-46BA-9367-7AA85EE2CD99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*",
"matchCriteriaId": "1052B8F5-1BC4-46B6-A8F1-F1BF9A40DDAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1507EFE2-DA83-42D7-B075-91EE060B6B35",
"versionEndIncluding": "48.6.2",
"versionStartIncluding": "46.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4143A5F6-CD91-4209-A52B-98854CCAC987",
"versionEndIncluding": "46.9.3",
"versionStartIncluding": "46.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle:46.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FED9166-7A2A-453D-9792-7A6361CEF594",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
},
{
"lang": "es",
"value": "En Wind River VxWorks, el asignador de memoria presenta un posible desbordamiento en el calculo del tama\u00f1o del bloque de memoria que se asignar\u00e1 por medio de la funci\u00f3n calloc().\u0026#xa0;Como resultado, la memoria real asignada es menor que el tama\u00f1o del b\u00fafer especificado por los argumentos, conllevando a una corrupci\u00f3n en la memoria"
}
],
"id": "CVE-2020-28895",
"lastModified": "2026-06-17T03:10:47.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-03T16:15:13.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-5WMW-M5W7-7M5M
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Severity
7.3 (High)
{
"affected": [],
"aliases": [
"CVE-2020-28895"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-03T16:15:00Z",
"severity": "CRITICAL"
},
"details": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"id": "GHSA-5wmw-m5w7-7m5m",
"modified": "2022-05-24T17:40:47Z",
"published": "2022-05-24T17:40:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28895"
},
{
"type": "WEB",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"type": "WEB",
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GSD-2020-28895
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-28895",
"description": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"id": "GSD-2020-28895"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-28895"
],
"details": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"id": "GSD-2020-28895",
"modified": "2023-12-13T01:22:01.834660Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28895",
"STATE": "PUBLIC",
"TITLE": "integer overflow in calloc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Omri Ben Bassat \u003cv-obenbassat@microsoft.com\u003e"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"name": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.9.4.12",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "46.9.3",
"versionStartIncluding": "46.9.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "48.6.2",
"versionStartIncluding": "46.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle:46.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28895"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
},
{
"lang": "en",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"name": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327",
"refsource": "MISC",
"tags": [
"Permissions Required"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
},
"lastModifiedDate": "2022-05-12T14:33Z",
"publishedDate": "2021-02-03T16:15Z"
}
}
}
ICSA-21-119-04
Vulnerability from csaf_cisa - Published: 2021-04-29 00:00 - Updated: 2022-04-19 00:00Summary
Multiple RTOS (Update E)
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Multiple
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target these vulnerabilities.
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
CWE-190
- Integer Overflow or Wraparound
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
4.6 (Medium)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.4 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.4 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.4 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.4 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
6.5 (Medium)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
6.5 (Medium)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
6.9 (Medium)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
9.0 (Critical)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
References
39 references
| URL | Category |
|---|---|
| https://raw.githubusercontent.com/cisagov/CSAF/de… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | self |
| https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01 | external |
| https://us-cert.cisa.gov/sites/default/files/reco… | external |
| https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
Acknowledgments
Microsoft Section 52
David Atch
Omri Ben Bassat
Tamir Ariel
the Azure Defender for IoT research group
{
"document": {
"acknowledgments": [
{
"names": [
"David Atch",
"Omri Ben Bassat",
"Tamir Ariel"
],
"organization": "Microsoft Section 52",
"summary": "reporting these vulnerabilities to CISA"
},
{
"organization": "the Azure Defender for IoT research group",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Multiple",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-119-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-119-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-119-04 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Multiple RTOS (Update E)",
"tracking": {
"current_release_date": "2022-04-19T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-119-04",
"initial_release_date": "2021-04-29T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-04-29T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-119-04 Multiple RTOS"
},
{
"date": "2021-05-06T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-21-119-04 Multiple RTOS (Update A)"
},
{
"date": "2021-05-20T00:00:00.000000Z",
"legacy_version": "B",
"number": "3",
"summary": "ICSA-21-119-04 Multiple RTOS (Update B)"
},
{
"date": "2021-08-17T00:00:00.000000Z",
"legacy_version": "C",
"number": "4",
"summary": "ICSA-21-119-04 Multiple RTOS (Update C)"
},
{
"date": "2021-11-30T00:00:00.000000Z",
"legacy_version": "D",
"number": "5",
"summary": "ICSA-21-119-04 Multiple RTOS (Update D)"
},
{
"date": "2022-04-19T00:00:00.000000Z",
"legacy_version": "E",
"number": "6",
"summary": "ICSA-21-119-04 Multiple RTOS (Update E)"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 6.5.0 SP1",
"product": {
"name": "BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "BlackBerry QNX SDP"
},
{
"branches": [
{
"category": "product_version",
"name": "3.1.0",
"product": {
"name": "TencentOS-tiny: Version 3.1.0",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "TencentOS-tiny"
},
{
"branches": [
{
"category": "product_version",
"name": "1.0.2",
"product": {
"name": "Google Cloud IoT Device SDK: Version 1.0.2",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Google Cloud IoT Device SDK"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.40.00",
"product": {
"name": "Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Texas Instruments SimpleLink-CC26XX"
},
{
"branches": [
{
"category": "product_version",
"name": "MSP432E4XX",
"product": {
"name": "Texas Instruments SimpleLink: MSP432E4XX",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Texas Instruments SimpleLink"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.0.1",
"product": {
"name": "BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "BlackBerry QNX OS for Safety"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.1",
"product": {
"name": "BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "BlackBerry QNX OS for Medical"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2.1.3",
"product": {
"name": "ARM CMSIS-RTOS2: versions prior to 2.1.3",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "ARM CMSIS-RTOS2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.0.0",
"product": {
"name": "Redhat newlib: versions prior to 4.0.0",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Redhat newlib"
},
{
"branches": [
{
"category": "product_version",
"name": "9.1.0",
"product": {
"name": "Apache Nuttx OS: Version 9.1.0",
"product_id": "CSAFPID-00010"
}
}
],
"category": "product_name",
"name": "Apache Nuttx OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 2.0.1 | \u003c= 4.5.3",
"product": {
"name": "eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3",
"product_id": "CSAFPID-00011"
}
}
],
"category": "product_name",
"name": "eCosCentric eCosPro RTOS"
},
{
"branches": [
{
"category": "product_version",
"name": "2020.01.1",
"product": {
"name": "RIOT OS: Version 2020.01.1",
"product_id": "CSAFPID-00012"
}
}
],
"category": "product_name",
"name": "RIOT OS"
},
{
"branches": [
{
"category": "product_version",
"name": "6.3.0",
"product": {
"name": "ARM Mbed OS: Version 6.3.0",
"product_id": "CSAFPID-00013"
}
}
],
"category": "product_name",
"name": "ARM Mbed OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.40.00.07",
"product": {
"name": "Texas Instruments CC32XX: versions prior to 4.40.00.07",
"product_id": "CSAFPID-00014"
}
}
],
"category": "product_name",
"name": "Texas Instruments CC32XX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.10.03",
"product": {
"name": "Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03",
"product_id": "CSAFPID-00015"
}
}
],
"category": "product_name",
"name": "Texas Instruments SimpleLink-CC32XX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 7.0",
"product": {
"name": "Windriver VxWorks: prior to 7.0",
"product_id": "CSAFPID-00016"
}
}
],
"category": "product_name",
"name": "Windriver VxWorks"
},
{
"branches": [
{
"category": "product_version",
"name": "10.4.1",
"product": {
"name": "Amazon FreeRTOS: Version 10.4.1",
"product_id": "CSAFPID-00017"
}
}
],
"category": "product_name",
"name": "Amazon FreeRTOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 3.0.GBB",
"product": {
"name": "Samsung Tizen RT RTOS: versions prior 3.0.GBB",
"product_id": "CSAFPID-00018"
}
}
],
"category": "product_name",
"name": "Samsung Tizen RT RTOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2.8.2",
"product": {
"name": "NXP MCUXpresso SDK: versions prior to 2.8.2",
"product_id": "CSAFPID-00019"
}
}
],
"category": "product_name",
"name": "NXP MCUXpresso SDK"
},
{
"branches": [
{
"category": "product_version",
"name": "2.17.0",
"product": {
"name": "Cesanta Software Mongoose OS: v2.17.0",
"product_id": "CSAFPID-00020"
}
}
],
"category": "product_name",
"name": "Cesanta Software Mongoose OS"
},
{
"branches": [
{
"category": "product_version",
"name": "1.38.xx | 1.39.00",
"product": {
"name": "Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00",
"product_id": "CSAFPID-00021"
}
}
],
"category": "product_name",
"name": "Micrium uC/OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.10.1",
"product": {
"name": "Micrium OS: Versions 5.10.1 and prior",
"product_id": "CSAFPID-00022"
}
}
],
"category": "product_name",
"name": "Micrium OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.40.00",
"product": {
"name": "Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00",
"product_id": "CSAFPID-00023"
}
}
],
"category": "product_name",
"name": "Texas Instruments SimpleLink-CC13XX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.6.1",
"product": {
"name": "Media Tek LinkIt SDK: versions prior to 4.6.1",
"product_id": "CSAFPID-00024"
}
}
],
"category": "product_name",
"name": "Media Tek LinkIt SDK"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 1.0.36",
"product": {
"name": "Uclibc-NG: versions prior to 1.0.36",
"product_id": "CSAFPID-00025"
}
}
],
"category": "product_name",
"name": "Uclibc-NG"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2.5",
"product": {
"name": "Zephyr Project RTOS: versions prior to 2.5",
"product_id": "CSAFPID-00026"
}
}
],
"category": "product_name",
"name": "Zephyr Project RTOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.1",
"product": {
"name": "NXP MQX: Versions 5.1 and prior",
"product_id": "CSAFPID-00027"
}
}
],
"category": "product_name",
"name": "NXP MQX"
},
{
"branches": [
{
"category": "product_version",
"name": "1.3.0",
"product": {
"name": "ARM mbed-ualloc: Version 1.3.0",
"product_id": "CSAFPID-00028"
}
}
],
"category": "product_name",
"name": "ARM mbed-ualloc"
}
],
"category": "vendor",
"name": "multiple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30636",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Media Tek LinkIt SDK versions prior to 4.6.1 is vulnerable to integer overflow in memory allocation calls pvPortCalloc(calloc) and pvPortRealloc(realloc), which can lead to memory corruption on the target device.CVE-2021-30636 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30636"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27431",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.CVE-2021-27431 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27431"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27433",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "ARM mbed-ualloc memory library Version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27433 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27433"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27435",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27435 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27435"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27427",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "RIOT OS Versions 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27427 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27427"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-22684",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Samsung Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash.CVE-2021-22684 has been assigned to this vulnerability. A CVSS v3 base score of 3.2 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22684"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27439",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "TencentOS-tiny Version 3.1.0 is vulnerable to integer wrap-around in function \u0027tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27439 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27439"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27425",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27425 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27425"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-26461",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Apache Nuttx OS Version 9.1.0 is vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-26461 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26461"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2020-35198",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Wind River VxWorks several versions prior to 7.0 firmware are vulnerable to weaknesses found in the following functions; calloc(memLib), mmap/mmap64 (mmanLib), cacheDmaMalloc(cacheLib) and cacheArchDmaMalloc(cacheArchLib). This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2020-35198 and CVE-2020-28895 have been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35198"
},
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28895"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2020-28895",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Amazon FreeRTOS Version 10.4.1 is vulnerable to integer wrap-around in multiple memory management API functions (MemMang, Queue, StreamBuffer). This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-31571 and CVE-2021-31572 have been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31571"
},
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31572"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-31571",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.CVE-2021-27417 has been assigned to this vulnerability. A CVSS v3 base score of 4.6 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27417"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-31572",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Redhat newlib versions prior to 4.0.0 are vulnerable to integer wrap-around in malloc and nano-malloc family routines (memalign, valloc, pvalloc, nano_memalign, nano_valloc, nano_pvalloc) due to insufficient checking in memory alignment logic. This insufficient checking can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-3420 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3420"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27417",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc.CVE-2021-27421 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27421"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-3420",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-22680 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22680"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27421",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27419 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27419"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-22680",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in \u0027HeapTrack_alloc\u0027 and result in code execution.CVE-2021-27429 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27429"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27419",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in \u0027malloc\u0027 and result in code execution.CVE-2021-22636 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22636"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27429",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in \u0027malloc\u0027 for FreeRTOS, resulting in code execution.CVE-2021-27504 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27504"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-22636",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in \u0027HeapMem_allocUnprotected\u0027 and result in code execution.CVE-2021-27502 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27502"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27504",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Google Cloud IoT Device SDK Version 1.0.2 is vulnerable to heap overflow due to integer overflow in its implementation of calloc, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or code execution. Google PSIRT will assign a CVE. CVSS score will be calculated when a CVE has been assigned.CVE-2021-27411 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27411"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27502",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones.CVE-2021-26706 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26706"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27411",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Micrium uC/OS: uC/LIB Versions 1.38.xx, 1.39.00 are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones.CVE-2020-13603 has been assigned to this vulnerability. A CVSS v3 base score of 6.9 has been calculated; the CVSS vector string is (AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13603"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-26706",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Zephyr Project RTOS versions prior to 2.5 are vulnerable to integer wrap-around sys_mem_pool_alloc function, which can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or code execution.CVE-2021-22156 has been assigned to this vulnerability. A CVSS v3 base score of 9.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22156"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
}
]
}
ICSA-23-103-13
Vulnerability from csaf_cisa - Published: 2023-04-11 00:00 - Updated: 2024-08-13 00:00Summary
Siemens SCALANCE Switch Families
Notes
Summary: Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that address Bad Alloc vulnerabilities in the underlying operating system and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CWE-190
- Integer Overflow or Wraparound
Affected products
Known affected
107 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3)
Siemens / SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3)
|
6GK5200-4AH00-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3)
Siemens / SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3)
|
6GK5201-3BH00-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6)
Siemens / SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6)
|
6GK5201-3JR00-2BA6
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X202-2IRT (6GK5202-2BB00-2BA3)
Siemens / SCALANCE X202-2IRT (6GK5202-2BB00-2BA3)
|
6GK5202-2BB00-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X202-2IRT (6GK5202-2BB10-2BA3)
Siemens / SCALANCE X202-2IRT (6GK5202-2BB10-2BA3)
|
6GK5202-2BB10-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3)
Siemens / SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3)
|
6GK5202-2BH00-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6)
Siemens / SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6)
|
6GK5202-2JR00-2BA6
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X204-2 (6GK5204-2BB10-2AA3)
Siemens / SCALANCE X204-2 (6GK5204-2BB10-2AA3)
|
6GK5204-2BB10-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X204-2FM (6GK5204-2BB11-2AA3)
Siemens / SCALANCE X204-2FM (6GK5204-2BB11-2AA3)
|
6GK5204-2BB11-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X204-2LD (6GK5204-2BC10-2AA3)
Siemens / SCALANCE X204-2LD (6GK5204-2BC10-2AA3)
|
6GK5204-2BC10-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2)
Siemens / SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2)
|
6GK5204-2BC10-2CA2
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X204-2TS (6GK5204-2BB10-2CA2)
Siemens / SCALANCE X204-2TS (6GK5204-2BB10-2CA2)
|
6GK5204-2BB10-2CA2
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X204IRT (6GK5204-0BA00-2BA3)
Siemens / SCALANCE X204IRT (6GK5204-0BA00-2BA3)
|
6GK5204-0BA00-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X204IRT (6GK5204-0BA10-2BA3)
Siemens / SCALANCE X204IRT (6GK5204-0BA10-2BA3)
|
6GK5204-0BA10-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6)
Siemens / SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6)
|
6GK5204-0JA00-2BA6
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X206-1 (6GK5206-1BB10-2AA3)
Siemens / SCALANCE X206-1 (6GK5206-1BB10-2AA3)
|
6GK5206-1BB10-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X206-1LD (6GK5206-1BC10-2AA3)
Siemens / SCALANCE X206-1LD (6GK5206-1BC10-2AA3)
|
6GK5206-1BC10-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X208 (6GK5208-0BA10-2AA3)
Siemens / SCALANCE X208 (6GK5208-0BA10-2AA3)
|
6GK5208-0BA10-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X208PRO (6GK5208-0HA10-2AA6)
Siemens / SCALANCE X208PRO (6GK5208-0HA10-2AA6)
|
6GK5208-0HA10-2AA6
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X212-2 (6GK5212-2BB00-2AA3)
Siemens / SCALANCE X212-2 (6GK5212-2BB00-2AA3)
|
6GK5212-2BB00-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X212-2LD (6GK5212-2BC00-2AA3)
Siemens / SCALANCE X212-2LD (6GK5212-2BC00-2AA3)
|
6GK5212-2BC00-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X216 (6GK5216-0BA00-2AA3)
Siemens / SCALANCE X216 (6GK5216-0BA00-2AA3)
|
6GK5216-0BA00-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X224 (6GK5224-0BA00-2AA3)
Siemens / SCALANCE X224 (6GK5224-0BA00-2AA3)
|
6GK5224-0BA00-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3)
Siemens / SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3)
|
6GK5302-7GD00-3GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3)
Siemens / SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3)
|
6GK5302-7GD00-3EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3)
Siemens / SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3)
|
6GK5302-7GD00-1GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3)
Siemens / SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3)
|
6GK5302-7GD00-1EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3)
Siemens / SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3)
|
6GK5302-7GD00-4GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3)
Siemens / SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3)
|
6GK5302-7GD00-4EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3)
Siemens / SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3)
|
6GK5302-7GD00-2GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3)
Siemens / SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3)
|
6GK5302-7GD00-2EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X304-2FE (6GK5304-2BD00-2AA3)
Siemens / SCALANCE X304-2FE (6GK5304-2BD00-2AA3)
|
6GK5304-2BD00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3)
Siemens / SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3)
|
6GK5306-1BF00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3)
Siemens / SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3)
|
6GK5307-2FD00-3GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3)
Siemens / SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3)
|
6GK5307-2FD00-3EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3)
Siemens / SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3)
|
6GK5307-2FD00-1GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3)
Siemens / SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3)
|
6GK5307-2FD00-1EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3)
Siemens / SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3)
|
6GK5307-2FD00-4GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3)
Siemens / SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3)
|
6GK5307-2FD00-4EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3)
Siemens / SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3)
|
6GK5307-2FD00-2GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3)
Siemens / SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3)
|
6GK5307-2FD00-2EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-3 (6GK5307-3BL00-2AA3)
Siemens / SCALANCE X307-3 (6GK5307-3BL00-2AA3)
|
6GK5307-3BL00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-3 (6GK5307-3BL10-2AA3)
Siemens / SCALANCE X307-3 (6GK5307-3BL10-2AA3)
|
6GK5307-3BL10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-3LD (6GK5307-3BM00-2AA3)
Siemens / SCALANCE X307-3LD (6GK5307-3BM00-2AA3)
|
6GK5307-3BM00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-3LD (6GK5307-3BM10-2AA3)
Siemens / SCALANCE X307-3LD (6GK5307-3BM10-2AA3)
|
6GK5307-3BM10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2 (6GK5308-2FL00-2AA3)
Siemens / SCALANCE X308-2 (6GK5308-2FL00-2AA3)
|
6GK5308-2FL00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2 (6GK5308-2FL10-2AA3)
Siemens / SCALANCE X308-2 (6GK5308-2FL10-2AA3)
|
6GK5308-2FL10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2LD (6GK5308-2FM00-2AA3)
Siemens / SCALANCE X308-2LD (6GK5308-2FM00-2AA3)
|
6GK5308-2FM00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2LD (6GK5308-2FM10-2AA3)
Siemens / SCALANCE X308-2LD (6GK5308-2FM10-2AA3)
|
6GK5308-2FM10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2LH (6GK5308-2FN00-2AA3)
Siemens / SCALANCE X308-2LH (6GK5308-2FN00-2AA3)
|
6GK5308-2FN00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2LH (6GK5308-2FN10-2AA3)
Siemens / SCALANCE X308-2LH (6GK5308-2FN10-2AA3)
|
6GK5308-2FN10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3)
Siemens / SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3)
|
6GK5308-2FP00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3)
Siemens / SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3)
|
6GK5308-2FP10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2M (6GK5308-2GG00-2AA2)
Siemens / SCALANCE X308-2M (6GK5308-2GG00-2AA2)
|
6GK5308-2GG00-2AA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2M (6GK5308-2GG10-2AA2)
Siemens / SCALANCE X308-2M (6GK5308-2GG10-2AA2)
|
6GK5308-2GG10-2AA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2)
Siemens / SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2)
|
6GK5308-2QG00-2AA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2)
Siemens / SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2)
|
6GK5308-2QG10-2AA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2M TS (6GK5308-2GG00-2CA2)
Siemens / SCALANCE X308-2M TS (6GK5308-2GG00-2CA2)
|
6GK5308-2GG00-2CA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2M TS (6GK5308-2GG10-2CA2)
Siemens / SCALANCE X308-2M TS (6GK5308-2GG10-2CA2)
|
6GK5308-2GG10-2CA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X310 (6GK5310-0FA00-2AA3)
Siemens / SCALANCE X310 (6GK5310-0FA00-2AA3)
|
6GK5310-0FA00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X310 (6GK5310-0FA10-2AA3)
Siemens / SCALANCE X310 (6GK5310-0FA10-2AA3)
|
6GK5310-0FA10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X310FE (6GK5310-0BA00-2AA3)
Siemens / SCALANCE X310FE (6GK5310-0BA00-2AA3)
|
6GK5310-0BA00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X310FE (6GK5310-0BA10-2AA3)
Siemens / SCALANCE X310FE (6GK5310-0BA10-2AA3)
|
6GK5310-0BA10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X320-1 FE (6GK5320-1BD00-2AA3)
Siemens / SCALANCE X320-1 FE (6GK5320-1BD00-2AA3)
|
6GK5320-1BD00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3)
Siemens / SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3)
|
6GK5320-3BF00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X408-2 (6GK5408-2FD00-2AA2)
Siemens / SCALANCE X408-2 (6GK5408-2FD00-2AA2)
|
6GK5408-2FD00-2AA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2)
Siemens / SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2)
|
6GK5201-3BH00-2BD2
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2)
Siemens / SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2)
|
6GK5202-2BH00-2BD2
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE XF204 (6GK5204-0BA00-2AF2)
Siemens / SCALANCE XF204 (6GK5204-0BA00-2AF2)
|
6GK5204-0BA00-2AF2
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE XF204-2 (6GK5204-2BC00-2AF2)
Siemens / SCALANCE XF204-2 (6GK5204-2BC00-2AF2)
|
6GK5204-2BC00-2AF2
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2)
Siemens / SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2)
|
6GK5204-2AA00-2BD2
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE XF204IRT (6GK5204-0BA00-2BF2)
Siemens / SCALANCE XF204IRT (6GK5204-0BA00-2BF2)
|
6GK5204-0BA00-2BF2
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE XF206-1 (6GK5206-1BC00-2AF2)
Siemens / SCALANCE XF206-1 (6GK5206-1BC00-2AF2)
|
6GK5206-1BC00-2AF2
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE XF208 (6GK5208-0BA00-2AF2)
Siemens / SCALANCE XF208 (6GK5208-0BA00-2AF2)
|
6GK5208-0BA00-2AF2
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2)
Siemens / SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2)
|
6GK5324-0GG00-3AR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2)
Siemens / SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2)
|
6GK5324-0GG10-3AR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2)
Siemens / SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2)
|
6GK5324-0GG00-3HR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2)
Siemens / SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2)
|
6GK5324-0GG10-3HR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2)
Siemens / SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2)
|
6GK5324-0GG00-1AR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2)
Siemens / SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2)
|
6GK5324-0GG10-1AR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2)
Siemens / SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2)
|
6GK5324-0GG00-1HR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2)
Siemens / SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2)
|
6GK5324-0GG10-1HR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2)
Siemens / SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2)
|
6GK5324-0GG00-1CR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2)
Siemens / SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2)
|
6GK5324-0GG10-1CR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2)
Siemens / SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2)
|
6GK5324-4GG00-3ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2)
Siemens / SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2)
|
6GK5324-4GG10-3ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2)
Siemens / SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2)
|
6GK5324-4GG00-3JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2)
Siemens / SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2)
|
6GK5324-4GG10-3JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2)
Siemens / SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2)
|
6GK5324-4GG00-1ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2)
Siemens / SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2)
|
6GK5324-4GG10-1ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2)
Siemens / SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2)
|
6GK5324-4GG00-1JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2)
Siemens / SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2)
|
6GK5324-4GG10-1JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2)
Siemens / SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2)
|
6GK5324-4GG00-4ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2)
Siemens / SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2)
|
6GK5324-4GG10-4ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2)
Siemens / SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2)
|
6GK5324-4GG00-4JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2)
Siemens / SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2)
|
6GK5324-4GG10-4JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2)
Siemens / SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2)
|
6GK5324-4GG00-2ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2)
Siemens / SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2)
|
6GK5324-4GG10-2ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2)
Siemens / SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2)
|
6GK5324-4GG00-2JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2)
Siemens / SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2)
|
6GK5324-4GG10-2JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2)
Siemens / SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2)
|
6GK5324-4QG00-3AR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2)
Siemens / SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2)
|
6GK5324-4QG00-3HR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2)
Siemens / SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2)
|
6GK5324-4QG00-1AR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2)
Siemens / SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2)
|
6GK5324-4QG00-1HR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2)
Siemens / SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2)
|
6GK5324-4QG00-1CR2
|
vers:all/* |
No Fix Planned
|
|
SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3)
Siemens / SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3)
|
6AG1202-2BH00-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3)
Siemens / SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3)
|
6AG1308-2FL10-4AA3
|
vers:all/* |
No Fix Planned
|
CWE-190
- Integer Overflow or Wraparound
Affected products
Known affected
107 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3)
Siemens / SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3)
|
6GK5200-4AH00-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3)
Siemens / SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3)
|
6GK5201-3BH00-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6)
Siemens / SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6)
|
6GK5201-3JR00-2BA6
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X202-2IRT (6GK5202-2BB00-2BA3)
Siemens / SCALANCE X202-2IRT (6GK5202-2BB00-2BA3)
|
6GK5202-2BB00-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X202-2IRT (6GK5202-2BB10-2BA3)
Siemens / SCALANCE X202-2IRT (6GK5202-2BB10-2BA3)
|
6GK5202-2BB10-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3)
Siemens / SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3)
|
6GK5202-2BH00-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6)
Siemens / SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6)
|
6GK5202-2JR00-2BA6
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X204-2 (6GK5204-2BB10-2AA3)
Siemens / SCALANCE X204-2 (6GK5204-2BB10-2AA3)
|
6GK5204-2BB10-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X204-2FM (6GK5204-2BB11-2AA3)
Siemens / SCALANCE X204-2FM (6GK5204-2BB11-2AA3)
|
6GK5204-2BB11-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X204-2LD (6GK5204-2BC10-2AA3)
Siemens / SCALANCE X204-2LD (6GK5204-2BC10-2AA3)
|
6GK5204-2BC10-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2)
Siemens / SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2)
|
6GK5204-2BC10-2CA2
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X204-2TS (6GK5204-2BB10-2CA2)
Siemens / SCALANCE X204-2TS (6GK5204-2BB10-2CA2)
|
6GK5204-2BB10-2CA2
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X204IRT (6GK5204-0BA00-2BA3)
Siemens / SCALANCE X204IRT (6GK5204-0BA00-2BA3)
|
6GK5204-0BA00-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X204IRT (6GK5204-0BA10-2BA3)
Siemens / SCALANCE X204IRT (6GK5204-0BA10-2BA3)
|
6GK5204-0BA10-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6)
Siemens / SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6)
|
6GK5204-0JA00-2BA6
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE X206-1 (6GK5206-1BB10-2AA3)
Siemens / SCALANCE X206-1 (6GK5206-1BB10-2AA3)
|
6GK5206-1BB10-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X206-1LD (6GK5206-1BC10-2AA3)
Siemens / SCALANCE X206-1LD (6GK5206-1BC10-2AA3)
|
6GK5206-1BC10-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X208 (6GK5208-0BA10-2AA3)
Siemens / SCALANCE X208 (6GK5208-0BA10-2AA3)
|
6GK5208-0BA10-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X208PRO (6GK5208-0HA10-2AA6)
Siemens / SCALANCE X208PRO (6GK5208-0HA10-2AA6)
|
6GK5208-0HA10-2AA6
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X212-2 (6GK5212-2BB00-2AA3)
Siemens / SCALANCE X212-2 (6GK5212-2BB00-2AA3)
|
6GK5212-2BB00-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X212-2LD (6GK5212-2BC00-2AA3)
Siemens / SCALANCE X212-2LD (6GK5212-2BC00-2AA3)
|
6GK5212-2BC00-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X216 (6GK5216-0BA00-2AA3)
Siemens / SCALANCE X216 (6GK5216-0BA00-2AA3)
|
6GK5216-0BA00-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X224 (6GK5224-0BA00-2AA3)
Siemens / SCALANCE X224 (6GK5224-0BA00-2AA3)
|
6GK5224-0BA00-2AA3
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3)
Siemens / SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3)
|
6GK5302-7GD00-3GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3)
Siemens / SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3)
|
6GK5302-7GD00-3EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3)
Siemens / SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3)
|
6GK5302-7GD00-1GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3)
Siemens / SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3)
|
6GK5302-7GD00-1EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3)
Siemens / SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3)
|
6GK5302-7GD00-4GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3)
Siemens / SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3)
|
6GK5302-7GD00-4EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3)
Siemens / SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3)
|
6GK5302-7GD00-2GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3)
Siemens / SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3)
|
6GK5302-7GD00-2EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X304-2FE (6GK5304-2BD00-2AA3)
Siemens / SCALANCE X304-2FE (6GK5304-2BD00-2AA3)
|
6GK5304-2BD00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3)
Siemens / SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3)
|
6GK5306-1BF00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3)
Siemens / SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3)
|
6GK5307-2FD00-3GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3)
Siemens / SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3)
|
6GK5307-2FD00-3EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3)
Siemens / SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3)
|
6GK5307-2FD00-1GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3)
Siemens / SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3)
|
6GK5307-2FD00-1EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3)
Siemens / SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3)
|
6GK5307-2FD00-4GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3)
Siemens / SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3)
|
6GK5307-2FD00-4EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3)
Siemens / SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3)
|
6GK5307-2FD00-2GA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3)
Siemens / SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3)
|
6GK5307-2FD00-2EA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-3 (6GK5307-3BL00-2AA3)
Siemens / SCALANCE X307-3 (6GK5307-3BL00-2AA3)
|
6GK5307-3BL00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-3 (6GK5307-3BL10-2AA3)
Siemens / SCALANCE X307-3 (6GK5307-3BL10-2AA3)
|
6GK5307-3BL10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-3LD (6GK5307-3BM00-2AA3)
Siemens / SCALANCE X307-3LD (6GK5307-3BM00-2AA3)
|
6GK5307-3BM00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X307-3LD (6GK5307-3BM10-2AA3)
Siemens / SCALANCE X307-3LD (6GK5307-3BM10-2AA3)
|
6GK5307-3BM10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2 (6GK5308-2FL00-2AA3)
Siemens / SCALANCE X308-2 (6GK5308-2FL00-2AA3)
|
6GK5308-2FL00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2 (6GK5308-2FL10-2AA3)
Siemens / SCALANCE X308-2 (6GK5308-2FL10-2AA3)
|
6GK5308-2FL10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2LD (6GK5308-2FM00-2AA3)
Siemens / SCALANCE X308-2LD (6GK5308-2FM00-2AA3)
|
6GK5308-2FM00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2LD (6GK5308-2FM10-2AA3)
Siemens / SCALANCE X308-2LD (6GK5308-2FM10-2AA3)
|
6GK5308-2FM10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2LH (6GK5308-2FN00-2AA3)
Siemens / SCALANCE X308-2LH (6GK5308-2FN00-2AA3)
|
6GK5308-2FN00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2LH (6GK5308-2FN10-2AA3)
Siemens / SCALANCE X308-2LH (6GK5308-2FN10-2AA3)
|
6GK5308-2FN10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3)
Siemens / SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3)
|
6GK5308-2FP00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3)
Siemens / SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3)
|
6GK5308-2FP10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2M (6GK5308-2GG00-2AA2)
Siemens / SCALANCE X308-2M (6GK5308-2GG00-2AA2)
|
6GK5308-2GG00-2AA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2M (6GK5308-2GG10-2AA2)
Siemens / SCALANCE X308-2M (6GK5308-2GG10-2AA2)
|
6GK5308-2GG10-2AA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2)
Siemens / SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2)
|
6GK5308-2QG00-2AA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2)
Siemens / SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2)
|
6GK5308-2QG10-2AA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2M TS (6GK5308-2GG00-2CA2)
Siemens / SCALANCE X308-2M TS (6GK5308-2GG00-2CA2)
|
6GK5308-2GG00-2CA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X308-2M TS (6GK5308-2GG10-2CA2)
Siemens / SCALANCE X308-2M TS (6GK5308-2GG10-2CA2)
|
6GK5308-2GG10-2CA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X310 (6GK5310-0FA00-2AA3)
Siemens / SCALANCE X310 (6GK5310-0FA00-2AA3)
|
6GK5310-0FA00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X310 (6GK5310-0FA10-2AA3)
Siemens / SCALANCE X310 (6GK5310-0FA10-2AA3)
|
6GK5310-0FA10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X310FE (6GK5310-0BA00-2AA3)
Siemens / SCALANCE X310FE (6GK5310-0BA00-2AA3)
|
6GK5310-0BA00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X310FE (6GK5310-0BA10-2AA3)
Siemens / SCALANCE X310FE (6GK5310-0BA10-2AA3)
|
6GK5310-0BA10-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X320-1 FE (6GK5320-1BD00-2AA3)
Siemens / SCALANCE X320-1 FE (6GK5320-1BD00-2AA3)
|
6GK5320-1BD00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3)
Siemens / SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3)
|
6GK5320-3BF00-2AA3
|
vers:all/* |
No Fix Planned
|
|
SCALANCE X408-2 (6GK5408-2FD00-2AA2)
Siemens / SCALANCE X408-2 (6GK5408-2FD00-2AA2)
|
6GK5408-2FD00-2AA2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2)
Siemens / SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2)
|
6GK5201-3BH00-2BD2
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2)
Siemens / SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2)
|
6GK5202-2BH00-2BD2
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE XF204 (6GK5204-0BA00-2AF2)
Siemens / SCALANCE XF204 (6GK5204-0BA00-2AF2)
|
6GK5204-0BA00-2AF2
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE XF204-2 (6GK5204-2BC00-2AF2)
Siemens / SCALANCE XF204-2 (6GK5204-2BC00-2AF2)
|
6GK5204-2BC00-2AF2
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2)
Siemens / SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2)
|
6GK5204-2AA00-2BD2
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE XF204IRT (6GK5204-0BA00-2BF2)
Siemens / SCALANCE XF204IRT (6GK5204-0BA00-2BF2)
|
6GK5204-0BA00-2BF2
|
<V5.5.2 |
Vendor Fix
fix
|
|
SCALANCE XF206-1 (6GK5206-1BC00-2AF2)
Siemens / SCALANCE XF206-1 (6GK5206-1BC00-2AF2)
|
6GK5206-1BC00-2AF2
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE XF208 (6GK5208-0BA00-2AF2)
Siemens / SCALANCE XF208 (6GK5208-0BA00-2AF2)
|
6GK5208-0BA00-2AF2
|
<V5.2.6 |
Vendor Fix
fix
|
|
SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2)
Siemens / SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2)
|
6GK5324-0GG00-3AR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2)
Siemens / SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2)
|
6GK5324-0GG10-3AR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2)
Siemens / SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2)
|
6GK5324-0GG00-3HR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2)
Siemens / SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2)
|
6GK5324-0GG10-3HR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2)
Siemens / SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2)
|
6GK5324-0GG00-1AR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2)
Siemens / SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2)
|
6GK5324-0GG10-1AR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2)
Siemens / SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2)
|
6GK5324-0GG00-1HR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2)
Siemens / SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2)
|
6GK5324-0GG10-1HR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2)
Siemens / SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2)
|
6GK5324-0GG00-1CR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2)
Siemens / SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2)
|
6GK5324-0GG10-1CR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2)
Siemens / SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2)
|
6GK5324-4GG00-3ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2)
Siemens / SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2)
|
6GK5324-4GG10-3ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2)
Siemens / SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2)
|
6GK5324-4GG00-3JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2)
Siemens / SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2)
|
6GK5324-4GG10-3JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2)
Siemens / SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2)
|
6GK5324-4GG00-1ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2)
Siemens / SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2)
|
6GK5324-4GG10-1ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2)
Siemens / SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2)
|
6GK5324-4GG00-1JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2)
Siemens / SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2)
|
6GK5324-4GG10-1JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2)
Siemens / SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2)
|
6GK5324-4GG00-4ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2)
Siemens / SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2)
|
6GK5324-4GG10-4ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2)
Siemens / SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2)
|
6GK5324-4GG00-4JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2)
Siemens / SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2)
|
6GK5324-4GG10-4JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2)
Siemens / SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2)
|
6GK5324-4GG00-2ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2)
Siemens / SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2)
|
6GK5324-4GG10-2ER2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2)
Siemens / SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2)
|
6GK5324-4GG00-2JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2)
Siemens / SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2)
|
6GK5324-4GG10-2JR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2)
Siemens / SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2)
|
6GK5324-4QG00-3AR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2)
Siemens / SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2)
|
6GK5324-4QG00-3HR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2)
Siemens / SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2)
|
6GK5324-4QG00-1AR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2)
Siemens / SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2)
|
6GK5324-4QG00-1HR2
|
vers:all/* |
No Fix Planned
|
|
SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2)
Siemens / SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2)
|
6GK5324-4QG00-1CR2
|
vers:all/* |
No Fix Planned
|
|
SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3)
Siemens / SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3)
|
6AG1202-2BH00-2BA3
|
<V5.5.2 |
Vendor Fix
fix
|
|
SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3)
Siemens / SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3)
|
6AG1308-2FL10-4AA3
|
vers:all/* |
No Fix Planned
|
References
10 references
| URL | Category |
|---|---|
| https://cert-portal.siemens.com/productcert/csaf/… | self |
| https://cert-portal.siemens.com/productcert/html/… | self |
| https://raw.githubusercontent.com/cisagov/CSAF/de… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | self |
| https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-… | external |
| https://www.cisa.gov/resources-tools/resources/ic… | external |
| https://www.cisa.gov/topics/industrial-control-systems | external |
| https://us-cert.cisa.gov/sites/default/files/reco… | external |
| https://www.cisa.gov/sites/default/files/publicat… | external |
| https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B | external |
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that address Bad Alloc vulnerabilities in the underlying operating system and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-813746: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-813746.json"
},
{
"category": "self",
"summary": "SSA-813746: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-813746.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-103-13 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-103-13.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-103-13 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-13"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SCALANCE Switch Families",
"tracking": {
"current_release_date": "2024-08-13T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-23-103-13",
"initial_release_date": "2023-04-11T00:00:00.000000Z",
"revision_history": [
{
"date": "2023-04-11T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-08-13T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Updated description and CVSS for CVE-2020-35198"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6GK5200-4AH00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3)",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6GK5201-3BH00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6)",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"6GK5201-3JR00-2BA6"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3)",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2BB00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X202-2IRT (6GK5202-2BB10-2BA3)",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2BB10-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X202-2IRT (6GK5202-2BB10-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3)",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2BH00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6)",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2JR00-2BA6"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2 (6GK5204-2BB10-2AA3)",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BB10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2 (6GK5204-2BB10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2FM (6GK5204-2BB11-2AA3)",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BB11-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2FM (6GK5204-2BB11-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2LD (6GK5204-2BC10-2AA3)",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BC10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2LD (6GK5204-2BC10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2)",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BC10-2CA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2TS (6GK5204-2BB10-2CA2)",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BB10-2CA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2TS (6GK5204-2BB10-2CA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X204IRT (6GK5204-0BA00-2BA3)",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0BA00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204IRT (6GK5204-0BA00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X204IRT (6GK5204-0BA10-2BA3)",
"product_id": "CSAFPID-0014",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0BA10-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204IRT (6GK5204-0BA10-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6)",
"product_id": "CSAFPID-0015",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0JA00-2BA6"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X206-1 (6GK5206-1BB10-2AA3)",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"model_numbers": [
"6GK5206-1BB10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X206-1 (6GK5206-1BB10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X206-1LD (6GK5206-1BC10-2AA3)",
"product_id": "CSAFPID-0017",
"product_identification_helper": {
"model_numbers": [
"6GK5206-1BC10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X206-1LD (6GK5206-1BC10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X208 (6GK5208-0BA10-2AA3)",
"product_id": "CSAFPID-0018",
"product_identification_helper": {
"model_numbers": [
"6GK5208-0BA10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X208 (6GK5208-0BA10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X208PRO (6GK5208-0HA10-2AA6)",
"product_id": "CSAFPID-0019",
"product_identification_helper": {
"model_numbers": [
"6GK5208-0HA10-2AA6"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X208PRO (6GK5208-0HA10-2AA6)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X212-2 (6GK5212-2BB00-2AA3)",
"product_id": "CSAFPID-0020",
"product_identification_helper": {
"model_numbers": [
"6GK5212-2BB00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X212-2 (6GK5212-2BB00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X212-2LD (6GK5212-2BC00-2AA3)",
"product_id": "CSAFPID-0021",
"product_identification_helper": {
"model_numbers": [
"6GK5212-2BC00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X212-2LD (6GK5212-2BC00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X216 (6GK5216-0BA00-2AA3)",
"product_id": "CSAFPID-0022",
"product_identification_helper": {
"model_numbers": [
"6GK5216-0BA00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X216 (6GK5216-0BA00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X224 (6GK5224-0BA00-2AA3)",
"product_id": "CSAFPID-0023",
"product_identification_helper": {
"model_numbers": [
"6GK5224-0BA00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X224 (6GK5224-0BA00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3)",
"product_id": "CSAFPID-0024",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-2EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3)",
"product_id": "CSAFPID-0025",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-2GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3)",
"product_id": "CSAFPID-0026",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-4EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3)",
"product_id": "CSAFPID-0027",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-4GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3)",
"product_id": "CSAFPID-0028",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-1EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3)",
"product_id": "CSAFPID-0029",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-1GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3)",
"product_id": "CSAFPID-0030",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-3EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3)",
"product_id": "CSAFPID-0031",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-3GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X304-2FE (6GK5304-2BD00-2AA3)",
"product_id": "CSAFPID-0032",
"product_identification_helper": {
"model_numbers": [
"6GK5304-2BD00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X304-2FE (6GK5304-2BD00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3)",
"product_id": "CSAFPID-0033",
"product_identification_helper": {
"model_numbers": [
"6GK5306-1BF00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3)",
"product_id": "CSAFPID-0034",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-2EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3)",
"product_id": "CSAFPID-0035",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-2GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3)",
"product_id": "CSAFPID-0036",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-4EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3)",
"product_id": "CSAFPID-0037",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-4GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3)",
"product_id": "CSAFPID-0038",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-1EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3)",
"product_id": "CSAFPID-0039",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-1GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3)",
"product_id": "CSAFPID-0040",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-3EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3)",
"product_id": "CSAFPID-0041",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-3GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-3 (6GK5307-3BL00-2AA3)",
"product_id": "CSAFPID-0042",
"product_identification_helper": {
"model_numbers": [
"6GK5307-3BL00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-3 (6GK5307-3BL00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-3 (6GK5307-3BL10-2AA3)",
"product_id": "CSAFPID-0043",
"product_identification_helper": {
"model_numbers": [
"6GK5307-3BL10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-3 (6GK5307-3BL10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-3LD (6GK5307-3BM00-2AA3)",
"product_id": "CSAFPID-0044",
"product_identification_helper": {
"model_numbers": [
"6GK5307-3BM00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-3LD (6GK5307-3BM00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-3LD (6GK5307-3BM10-2AA3)",
"product_id": "CSAFPID-0045",
"product_identification_helper": {
"model_numbers": [
"6GK5307-3BM10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-3LD (6GK5307-3BM10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2 (6GK5308-2FL00-2AA3)",
"product_id": "CSAFPID-0046",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FL00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2 (6GK5308-2FL00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2 (6GK5308-2FL10-2AA3)",
"product_id": "CSAFPID-0047",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FL10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2 (6GK5308-2FL10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LD (6GK5308-2FM00-2AA3)",
"product_id": "CSAFPID-0048",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FM00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LD (6GK5308-2FM00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LD (6GK5308-2FM10-2AA3)",
"product_id": "CSAFPID-0049",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FM10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LD (6GK5308-2FM10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LH (6GK5308-2FN00-2AA3)",
"product_id": "CSAFPID-0050",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FN00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LH (6GK5308-2FN00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LH (6GK5308-2FN10-2AA3)",
"product_id": "CSAFPID-0051",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FN10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LH (6GK5308-2FN10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3)",
"product_id": "CSAFPID-0052",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FP00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3)",
"product_id": "CSAFPID-0053",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FP10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M (6GK5308-2GG00-2AA2)",
"product_id": "CSAFPID-0054",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2GG00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M (6GK5308-2GG00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M (6GK5308-2GG10-2AA2)",
"product_id": "CSAFPID-0055",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2GG10-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M (6GK5308-2GG10-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2)",
"product_id": "CSAFPID-0056",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2QG00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2)",
"product_id": "CSAFPID-0057",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2QG10-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M TS (6GK5308-2GG00-2CA2)",
"product_id": "CSAFPID-0058",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2GG00-2CA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M TS (6GK5308-2GG00-2CA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M TS (6GK5308-2GG10-2CA2)",
"product_id": "CSAFPID-0059",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2GG10-2CA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M TS (6GK5308-2GG10-2CA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X310 (6GK5310-0FA00-2AA3)",
"product_id": "CSAFPID-0060",
"product_identification_helper": {
"model_numbers": [
"6GK5310-0FA00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X310 (6GK5310-0FA00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X310 (6GK5310-0FA10-2AA3)",
"product_id": "CSAFPID-0061",
"product_identification_helper": {
"model_numbers": [
"6GK5310-0FA10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X310 (6GK5310-0FA10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X310FE (6GK5310-0BA00-2AA3)",
"product_id": "CSAFPID-0062",
"product_identification_helper": {
"model_numbers": [
"6GK5310-0BA00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X310FE (6GK5310-0BA00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X310FE (6GK5310-0BA10-2AA3)",
"product_id": "CSAFPID-0063",
"product_identification_helper": {
"model_numbers": [
"6GK5310-0BA10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X310FE (6GK5310-0BA10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X320-1 FE (6GK5320-1BD00-2AA3)",
"product_id": "CSAFPID-0064",
"product_identification_helper": {
"model_numbers": [
"6GK5320-1BD00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X320-1 FE (6GK5320-1BD00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3)",
"product_id": "CSAFPID-0065",
"product_identification_helper": {
"model_numbers": [
"6GK5320-3BF00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X408-2 (6GK5408-2FD00-2AA2)",
"product_id": "CSAFPID-0066",
"product_identification_helper": {
"model_numbers": [
"6GK5408-2FD00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X408-2 (6GK5408-2FD00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2)",
"product_id": "CSAFPID-0067",
"product_identification_helper": {
"model_numbers": [
"6GK5201-3BH00-2BD2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2)",
"product_id": "CSAFPID-0068",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2BH00-2BD2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE XF204 (6GK5204-0BA00-2AF2)",
"product_id": "CSAFPID-0069",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0BA00-2AF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF204 (6GK5204-0BA00-2AF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE XF204-2 (6GK5204-2BC00-2AF2)",
"product_id": "CSAFPID-0070",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BC00-2AF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF204-2 (6GK5204-2BC00-2AF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2)",
"product_id": "CSAFPID-0071",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2AA00-2BD2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2)",
"product_id": "CSAFPID-0072",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0BA00-2BF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE XF206-1 (6GK5206-1BC00-2AF2)",
"product_id": "CSAFPID-0073",
"product_identification_helper": {
"model_numbers": [
"6GK5206-1BC00-2AF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF206-1 (6GK5206-1BC00-2AF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE XF208 (6GK5208-0BA00-2AF2)",
"product_id": "CSAFPID-0074",
"product_identification_helper": {
"model_numbers": [
"6GK5208-0BA00-2AF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF208 (6GK5208-0BA00-2AF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2)",
"product_id": "CSAFPID-0075",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-2ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2)",
"product_id": "CSAFPID-0076",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-2ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2)",
"product_id": "CSAFPID-0077",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-2JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2)",
"product_id": "CSAFPID-0078",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-2JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2)",
"product_id": "CSAFPID-0079",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-4ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2)",
"product_id": "CSAFPID-0080",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-4ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2)",
"product_id": "CSAFPID-0081",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-4JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2)",
"product_id": "CSAFPID-0082",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-4JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2)",
"product_id": "CSAFPID-0083",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-1ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2)",
"product_id": "CSAFPID-0084",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-1ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2)",
"product_id": "CSAFPID-0085",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-1JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2)",
"product_id": "CSAFPID-0086",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-1JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2)",
"product_id": "CSAFPID-0087",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-3ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2)",
"product_id": "CSAFPID-0088",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-3ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2)",
"product_id": "CSAFPID-0089",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-3JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2)",
"product_id": "CSAFPID-0090",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-3JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2)",
"product_id": "CSAFPID-0091",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-1AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2)",
"product_id": "CSAFPID-0092",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-1HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2)",
"product_id": "CSAFPID-0093",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-3AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2)",
"product_id": "CSAFPID-0094",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-3HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2)",
"product_id": "CSAFPID-0095",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-1CR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2)",
"product_id": "CSAFPID-0096",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-1AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2)",
"product_id": "CSAFPID-0097",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-1AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2)",
"product_id": "CSAFPID-0098",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-1HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2)",
"product_id": "CSAFPID-0099",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-1HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2)",
"product_id": "CSAFPID-0100",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-3AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2)",
"product_id": "CSAFPID-0101",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-3AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2)",
"product_id": "CSAFPID-0102",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-3HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2)",
"product_id": "CSAFPID-0103",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-3HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2)",
"product_id": "CSAFPID-0104",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-1CR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2)",
"product_id": "CSAFPID-0105",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-1CR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3)",
"product_id": "CSAFPID-0106",
"product_identification_helper": {
"model_numbers": [
"6AG1202-2BH00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3)",
"product_id": "CSAFPID-0107",
"product_identification_helper": {
"model_numbers": [
"6AG1308-2FL10-4AA3"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28895",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0031",
"CSAFPID-0030",
"CSAFPID-0029",
"CSAFPID-0028",
"CSAFPID-0027",
"CSAFPID-0026",
"CSAFPID-0025",
"CSAFPID-0024",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0041",
"CSAFPID-0040",
"CSAFPID-0039",
"CSAFPID-0038",
"CSAFPID-0037",
"CSAFPID-0036",
"CSAFPID-0035",
"CSAFPID-0034",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0068",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0100",
"CSAFPID-0101",
"CSAFPID-0102",
"CSAFPID-0103",
"CSAFPID-0096",
"CSAFPID-0097",
"CSAFPID-0098",
"CSAFPID-0099",
"CSAFPID-0104",
"CSAFPID-0105",
"CSAFPID-0087",
"CSAFPID-0088",
"CSAFPID-0089",
"CSAFPID-0090",
"CSAFPID-0083",
"CSAFPID-0084",
"CSAFPID-0085",
"CSAFPID-0086",
"CSAFPID-0079",
"CSAFPID-0080",
"CSAFPID-0081",
"CSAFPID-0082",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0078",
"CSAFPID-0093",
"CSAFPID-0094",
"CSAFPID-0091",
"CSAFPID-0092",
"CSAFPID-0095",
"CSAFPID-0106",
"CSAFPID-0107"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0031",
"CSAFPID-0030",
"CSAFPID-0029",
"CSAFPID-0028",
"CSAFPID-0027",
"CSAFPID-0026",
"CSAFPID-0025",
"CSAFPID-0024",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0041",
"CSAFPID-0040",
"CSAFPID-0039",
"CSAFPID-0038",
"CSAFPID-0037",
"CSAFPID-0036",
"CSAFPID-0035",
"CSAFPID-0034",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0100",
"CSAFPID-0101",
"CSAFPID-0102",
"CSAFPID-0103",
"CSAFPID-0096",
"CSAFPID-0097",
"CSAFPID-0098",
"CSAFPID-0099",
"CSAFPID-0104",
"CSAFPID-0105",
"CSAFPID-0087",
"CSAFPID-0088",
"CSAFPID-0089",
"CSAFPID-0090",
"CSAFPID-0083",
"CSAFPID-0084",
"CSAFPID-0085",
"CSAFPID-0086",
"CSAFPID-0079",
"CSAFPID-0080",
"CSAFPID-0081",
"CSAFPID-0082",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0078",
"CSAFPID-0093",
"CSAFPID-0094",
"CSAFPID-0091",
"CSAFPID-0092",
"CSAFPID-0095",
"CSAFPID-0107"
]
},
{
"category": "vendor_fix",
"details": "Update to V5.2.6 or later version",
"product_ids": [
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0073",
"CSAFPID-0074"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811753/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0067",
"CSAFPID-0068",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0106"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817790/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0031",
"CSAFPID-0030",
"CSAFPID-0029",
"CSAFPID-0028",
"CSAFPID-0027",
"CSAFPID-0026",
"CSAFPID-0025",
"CSAFPID-0024",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0041",
"CSAFPID-0040",
"CSAFPID-0039",
"CSAFPID-0038",
"CSAFPID-0037",
"CSAFPID-0036",
"CSAFPID-0035",
"CSAFPID-0034",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0068",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0100",
"CSAFPID-0101",
"CSAFPID-0102",
"CSAFPID-0103",
"CSAFPID-0096",
"CSAFPID-0097",
"CSAFPID-0098",
"CSAFPID-0099",
"CSAFPID-0104",
"CSAFPID-0105",
"CSAFPID-0087",
"CSAFPID-0088",
"CSAFPID-0089",
"CSAFPID-0090",
"CSAFPID-0083",
"CSAFPID-0084",
"CSAFPID-0085",
"CSAFPID-0086",
"CSAFPID-0079",
"CSAFPID-0080",
"CSAFPID-0081",
"CSAFPID-0082",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0078",
"CSAFPID-0093",
"CSAFPID-0094",
"CSAFPID-0091",
"CSAFPID-0092",
"CSAFPID-0095",
"CSAFPID-0106",
"CSAFPID-0107"
]
}
],
"title": "CVE-2020-28895"
},
{
"cve": "CVE-2020-35198",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The APIs cacheDmaMalloc()/cacheArchDmaMalloc()/mmap64() align the size of the requested buffer with the memory page size of the target platform. If the requested size is large enough to cause integer overflow by the alignment calculation, a valid pointer to a buffer that is smaller than the requested size is returned, opening the door to use for heap overflow attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0031",
"CSAFPID-0030",
"CSAFPID-0029",
"CSAFPID-0028",
"CSAFPID-0027",
"CSAFPID-0026",
"CSAFPID-0025",
"CSAFPID-0024",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0041",
"CSAFPID-0040",
"CSAFPID-0039",
"CSAFPID-0038",
"CSAFPID-0037",
"CSAFPID-0036",
"CSAFPID-0035",
"CSAFPID-0034",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0068",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0100",
"CSAFPID-0101",
"CSAFPID-0102",
"CSAFPID-0103",
"CSAFPID-0096",
"CSAFPID-0097",
"CSAFPID-0098",
"CSAFPID-0099",
"CSAFPID-0104",
"CSAFPID-0105",
"CSAFPID-0087",
"CSAFPID-0088",
"CSAFPID-0089",
"CSAFPID-0090",
"CSAFPID-0083",
"CSAFPID-0084",
"CSAFPID-0085",
"CSAFPID-0086",
"CSAFPID-0079",
"CSAFPID-0080",
"CSAFPID-0081",
"CSAFPID-0082",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0078",
"CSAFPID-0093",
"CSAFPID-0094",
"CSAFPID-0091",
"CSAFPID-0092",
"CSAFPID-0095",
"CSAFPID-0106",
"CSAFPID-0107"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0031",
"CSAFPID-0030",
"CSAFPID-0029",
"CSAFPID-0028",
"CSAFPID-0027",
"CSAFPID-0026",
"CSAFPID-0025",
"CSAFPID-0024",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0041",
"CSAFPID-0040",
"CSAFPID-0039",
"CSAFPID-0038",
"CSAFPID-0037",
"CSAFPID-0036",
"CSAFPID-0035",
"CSAFPID-0034",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0100",
"CSAFPID-0101",
"CSAFPID-0102",
"CSAFPID-0103",
"CSAFPID-0096",
"CSAFPID-0097",
"CSAFPID-0098",
"CSAFPID-0099",
"CSAFPID-0104",
"CSAFPID-0105",
"CSAFPID-0087",
"CSAFPID-0088",
"CSAFPID-0089",
"CSAFPID-0090",
"CSAFPID-0083",
"CSAFPID-0084",
"CSAFPID-0085",
"CSAFPID-0086",
"CSAFPID-0079",
"CSAFPID-0080",
"CSAFPID-0081",
"CSAFPID-0082",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0078",
"CSAFPID-0093",
"CSAFPID-0094",
"CSAFPID-0091",
"CSAFPID-0092",
"CSAFPID-0095",
"CSAFPID-0107"
]
},
{
"category": "vendor_fix",
"details": "Update to V5.2.6 or later version",
"product_ids": [
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0073",
"CSAFPID-0074"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811753/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0067",
"CSAFPID-0068",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0106"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817790/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0031",
"CSAFPID-0030",
"CSAFPID-0029",
"CSAFPID-0028",
"CSAFPID-0027",
"CSAFPID-0026",
"CSAFPID-0025",
"CSAFPID-0024",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0041",
"CSAFPID-0040",
"CSAFPID-0039",
"CSAFPID-0038",
"CSAFPID-0037",
"CSAFPID-0036",
"CSAFPID-0035",
"CSAFPID-0034",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0068",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0100",
"CSAFPID-0101",
"CSAFPID-0102",
"CSAFPID-0103",
"CSAFPID-0096",
"CSAFPID-0097",
"CSAFPID-0098",
"CSAFPID-0099",
"CSAFPID-0104",
"CSAFPID-0105",
"CSAFPID-0087",
"CSAFPID-0088",
"CSAFPID-0089",
"CSAFPID-0090",
"CSAFPID-0083",
"CSAFPID-0084",
"CSAFPID-0085",
"CSAFPID-0086",
"CSAFPID-0079",
"CSAFPID-0080",
"CSAFPID-0081",
"CSAFPID-0082",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0078",
"CSAFPID-0093",
"CSAFPID-0094",
"CSAFPID-0091",
"CSAFPID-0092",
"CSAFPID-0095",
"CSAFPID-0106",
"CSAFPID-0107"
]
}
],
"title": "CVE-2020-35198"
}
]
}
ICSA-25-155-02
Vulnerability from csaf_cisa - Published: 2021-12-16 13:30 - Updated: 2025-05-27 12:30Summary
Hitachi Energy Relion 670 650 series and SAM600-IO Product
Severity
Critical
Notes
Summary: Hitachi Energy is aware of two critical memory allocation vulnerabilities (called BadAlloc [1] vulnerabilities) in the WindRiver VxWorks Operating Systems [2][3] that are used in our product versions listed in this advisory.
An attacker that exploits these vulnerabilities might bypass security controls to execute malicious code or cause a denial-of-service. For immediate mitigation/workaround information, please refer to the Mitigation Fac-tors/Workaround Section.
[1] BadAlloc – Microsoft’s Section 52 - https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allo-cation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/
[2] Wind River VxWorks – CVE-2020-28895 Advisory - https://support2.windriver.com/in-dex.php?page=cve&on=view&id=CVE-2020-28895
[3] Wind River VxWorks – CVE-2020-35198 Advisory - https://support2.windriver.com/in-dex.php?page=cve&on=view&id=CVE-2020-35198
Notice: The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warran-ties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.
Support: For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.
General Mitigation Factors: Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000070 from a direct conversion of their vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.
Critical infrastructure sectors: Energy
Countries/areas deployed: Worldwide
Company headquarters location: Switzerland
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
7.3 (High)
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Relion 670 series version 2.2.5 revisions up to 2.2.5.1
Hitachi Energy / Relion 670
|
vers:all/>=2.2.5.0|<=2.2.5.1 |
Vendor Fix
|
|
|
Relion 670 series version 2.2.4 revisions up to 2.2.4.2
Hitachi Energy / Relion 670
|
vers:all/>=2.2.4.0|<=2.2.4.2 |
Vendor Fix
|
|
|
Relion 670 series version 2.2.3 revisions up to 2.2.3.4
Hitachi Energy / Relion 670
|
vers:all/>=2.2.3.0|<=2.2.3.4 |
Vendor Fix
|
|
|
Relion 670 series version 2.2.2 revisions up to 2.2.2.4
Hitachi Energy / Relion 670
|
vers:all/>=2.2.2.0|<=2.2.2.4 |
Vendor Fix
|
|
|
Relion 670 series version 2.2.1 revisions up to 2.2.1.7
Hitachi Energy / Relion 670
|
vers:all/>=2.2.1.0|<=2.2.1.7 |
Vendor Fix
|
|
|
Relion 670 series version 1.1 to 2.2.0 all revisions
Hitachi Energy / Relion 670
|
vers:all/>=1.1|<2.2.1 |
Mitigation
|
|
|
Relion 650 series version 2.2.5 revisions up to 2.2.5.1
Hitachi Energy / Relion 650
|
vers:all/>=2.2.5.0|<=2.2.5.1 |
Vendor Fix
|
|
|
Relion 650 series version 2.2.4 revisions up to 2.2.4.2
Hitachi Energy / Relion 650
|
vers:all/>=2.2.4.0|<=2.2.4.2 |
Vendor Fix
|
|
|
Relion 650 series version 2.2.1 revisions up to 2.2.1.7
Hitachi Energy / Relion 650
|
vers:all/>=2.2.1.0|<=2.2.1.7 |
Vendor Fix
|
|
|
Relion 650 series version 1.0 to 2.2.0 all revisions
Hitachi Energy / Relion 650
|
vers:all/>=1.0|<2.2.1 |
Mitigation
|
|
|
SAM-IO series version 2.2.5 revisions up to 2.2.5.1
Hitachi Energy / SAM-IO
|
vers:all/>=2.2.5.0|<=2.2.5.1 |
Vendor Fix
|
|
|
SAM-IO series version 2.2.1 revisions up to 2.2.1.7
Hitachi Energy / SAM-IO
|
vers:all/>=2.2.1.0|<=2.2.1.7 |
Vendor Fix
|
An issue was discovered in Wind River VxWorks 7. The memory al-locator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
9.8 (Critical)
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Relion 670 series version 2.2.5 revisions up to 2.2.5.1
Hitachi Energy / Relion 670
|
vers:all/>=2.2.5.0|<=2.2.5.1 |
Vendor Fix
|
|
|
Relion 670 series version 2.2.4 revisions up to 2.2.4.2
Hitachi Energy / Relion 670
|
vers:all/>=2.2.4.0|<=2.2.4.2 |
Vendor Fix
|
|
|
Relion 670 series version 2.2.3 revisions up to 2.2.3.4
Hitachi Energy / Relion 670
|
vers:all/>=2.2.3.0|<=2.2.3.4 |
Vendor Fix
|
|
|
Relion 670 series version 2.2.2 revisions up to 2.2.2.4
Hitachi Energy / Relion 670
|
vers:all/>=2.2.2.0|<=2.2.2.4 |
Vendor Fix
|
|
|
Relion 670 series version 2.2.1 revisions up to 2.2.1.7
Hitachi Energy / Relion 670
|
vers:all/>=2.2.1.0|<=2.2.1.7 |
Vendor Fix
|
|
|
Relion 670 series version 1.1 to 2.2.0 all revisions
Hitachi Energy / Relion 670
|
vers:all/>=1.1|<2.2.1 |
Mitigation
|
|
|
Relion 650 series version 2.2.5 revisions up to 2.2.5.1
Hitachi Energy / Relion 650
|
vers:all/>=2.2.5.0|<=2.2.5.1 |
Vendor Fix
|
|
|
Relion 650 series version 2.2.4 revisions up to 2.2.4.2
Hitachi Energy / Relion 650
|
vers:all/>=2.2.4.0|<=2.2.4.2 |
Vendor Fix
|
|
|
Relion 650 series version 2.2.1 revisions up to 2.2.1.7
Hitachi Energy / Relion 650
|
vers:all/>=2.2.1.0|<=2.2.1.7 |
Vendor Fix
|
|
|
Relion 650 series version 1.0 to 2.2.0 all revisions
Hitachi Energy / Relion 650
|
vers:all/>=1.0|<2.2.1 |
Mitigation
|
|
|
SAM-IO series version 2.2.5 revisions up to 2.2.5.1
Hitachi Energy / SAM-IO
|
vers:all/>=2.2.5.0|<=2.2.5.1 |
Vendor Fix
|
|
|
SAM-IO series version 2.2.1 revisions up to 2.2.1.7
Hitachi Energy / SAM-IO
|
vers:all/>=2.2.1.0|<=2.2.1.7 |
Vendor Fix
|
References
11 references
| URL | Category |
|---|---|
| https://raw.githubusercontent.com/cisagov/CSAF/de… | self |
| https://publisher.hitachienergy.com/preview?Docum… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | self |
| https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-… | external |
| https://www.cisa.gov/resources-tools/resources/ic… | external |
| https://www.cisa.gov/topics/industrial-control-systems | external |
| https://us-cert.cisa.gov/sites/default/files/reco… | external |
| https://www.cisa.gov/sites/default/files/publicat… | external |
| https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B | external |
| https://nvd.nist.gov/vuln/detail/CVE-2020-28895 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2020-35198 | external |
Acknowledgments
Hitachi Energy PSIRT
{
"document": {
"acknowledgments": [
{
"organization": "Hitachi Energy PSIRT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/specification-document",
"text": "CRITICAL"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Hitachi Energy is aware of two critical memory allocation vulnerabilities (called BadAlloc [1] vulnerabilities) in the WindRiver VxWorks Operating Systems [2][3] that are used in our product versions listed in this advisory.\nAn attacker that exploits these vulnerabilities might bypass security controls to execute malicious code or cause a denial-of-service. For immediate mitigation/workaround information, please refer to the Mitigation Fac-tors/Workaround Section.\n\n[1] BadAlloc \u2013 Microsoft\u2019s Section 52 - https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allo-cation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/\n[2] Wind River VxWorks \u2013 CVE-2020-28895 Advisory - https://support2.windriver.com/in-dex.php?page=cve\u0026on=view\u0026id=CVE-2020-28895\n[3] Wind River VxWorks \u2013 CVE-2020-35198 Advisory - https://support2.windriver.com/in-dex.php?page=cve\u0026on=view\u0026id=CVE-2020-35198",
"title": "Summary"
},
{
"category": "legal_disclaimer",
"text": "The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warran-ties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.",
"title": "Notice"
},
{
"category": "general",
"text": "For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.",
"title": "Support"
},
{
"category": "general",
"text": "Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.",
"title": "General Mitigation Factors"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000070 from a direct conversion of their vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-155-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-155-02.json"
},
{
"category": "self",
"summary": "Cybersecurity Advisory - BadAlloc \u2013 Memory Allocation Vulnerabilities in Hitachi Energy Relion 670, 650 series and SAM600-IO Product",
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000070\u0026languageCode=en\u0026Preview=true"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-155-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-155-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Hitachi Energy Relion 670 650 series and SAM600-IO Product",
"tracking": {
"current_release_date": "2025-05-27T12:30:00.000000Z",
"generator": {
"date": "2025-06-05T16:55:18.347501Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-155-02",
"initial_release_date": "2021-12-16T13:30:00.000000Z",
"revision_history": [
{
"date": "2021-12-16T13:30:00.000000Z",
"number": "1",
"summary": "Initial version."
},
{
"date": "2025-05-27T12:30:00.000000Z",
"number": "2",
"summary": "Update to Recommended Actions table with fixed versions"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.5.0|\u003c=2.2.5.1",
"product": {
"name": "Relion 670 series version 2.2.5 revisions up to 2.2.5.1",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Relion 670"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.4.0|\u003c=2.2.4.2",
"product": {
"name": "Relion 670 series version 2.2.4 revisions up to 2.2.4.2",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Relion 670"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.3.0|\u003c=2.2.3.4",
"product": {
"name": "Relion 670 series version 2.2.3 revisions up to 2.2.3.4",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Relion 670"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.2.0|\u003c=2.2.2.4",
"product": {
"name": "Relion 670 series version 2.2.2 revisions up to 2.2.2.4",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Relion 670"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.1.0|\u003c=2.2.1.7",
"product": {
"name": "Relion 670 series version 2.2.1 revisions up to 2.2.1.7",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Relion 670"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=1.1|\u003c2.2.1",
"product": {
"name": "Relion 670 series version 1.1 to 2.2.0 all revisions",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Relion 670"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.5.0|\u003c=2.2.5.1",
"product": {
"name": "Relion 650 series version 2.2.5 revisions up to 2.2.5.1",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Relion 650"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.4.0|\u003c=2.2.4.2",
"product": {
"name": "Relion 650 series version 2.2.4 revisions up to 2.2.4.2",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "Relion 650"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.1.0|\u003c=2.2.1.7",
"product": {
"name": "Relion 650 series version 2.2.1 revisions up to 2.2.1.7",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Relion 650"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=1.0|\u003c2.2.1",
"product": {
"name": "Relion 650 series version 1.0 to 2.2.0 all revisions",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "Relion 650"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.5.0|\u003c=2.2.5.1",
"product": {
"name": "SAM-IO series version 2.2.5 revisions up to 2.2.5.1",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "SAM-IO"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.1.0|\u003c=2.2.1.7",
"product": {
"name": "SAM-IO series version 2.2.1 revisions up to 2.2.1.7",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "SAM-IO"
}
],
"category": "vendor",
"name": "Hitachi Energy"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28895",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
"references": [
{
"category": "external",
"summary": "NVD CVE Detail",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to 2.2.5.2 version or latest",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0007",
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.4.3 version or latest",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.3.5 version or latest",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.2.5 version or latest",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.1.8 version or latest",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0012"
]
},
{
"category": "mitigation",
"details": "Refer to the Mitigation Factors/Workaround Section for the current mitigation strategy.",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0010"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
}
],
"title": "CVE-2020-28895"
},
{
"cve": "CVE-2020-35198",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in Wind River VxWorks 7. The memory al-locator has a possible integer overflow in calculating a memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
"references": [
{
"category": "external",
"summary": "NVD CVE Detail",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to 2.2.5.2 version or latest",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0007",
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.4.3 version or latest",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.3.5 version or latest",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.2.5 version or latest",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.1.8 version or latest",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0012"
]
},
{
"category": "mitigation",
"details": "Refer to the Mitigation Factors/Workaround Section for the current mitigation strategy.",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0010"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
}
],
"title": "CVE-2020-35198"
}
]
}
ICSA-25-252-09
Vulnerability from csaf_cisa - Published: 2025-09-09 06:00 - Updated: 2025-09-09 06:00Summary
Rockwell Automation 1783-NATR
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to cause a memory corruption on the product.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices: Do not click web links or open attachments in unsolicited email messages.
Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
Recommended Practices: No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
References
13 references
| URL | Category |
|---|---|
| https://raw.githubusercontent.com/cisagov/CSAF/de… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | self |
| https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-… | external |
| https://www.cisa.gov/resources-tools/resources/ic… | external |
| https://www.cisa.gov/sites/default/files/publicat… | external |
| https://www.cisa.gov/topics/industrial-control-systems | external |
| https://www.cisa.gov/uscert/sites/default/files/p… | external |
| https://www.cisa.gov/uscert/ncas/tips/ST04-014 | external |
| https://us-cert.cisa.gov/sites/default/files/reco… | external |
| https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B | external |
| https://www.cve.org/CVERecord?id=CVE-2020-28895 | external |
| https://www.first.org/cvss/calculator/3.1#CVSS:3.… | external |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.… | external |
Acknowledgments
Rockwell Automation
{
"document": {
"acknowledgments": [
{
"organization": "Rockwell Automation",
"summary": "reporting this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could allow an attacker to cause a memory corruption on the product.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-252-09 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-252-09.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-25-252-09 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-09"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Rockwell Automation 1783-NATR",
"tracking": {
"current_release_date": "2025-09-09T06:00:00.000000Z",
"generator": {
"date": "2025-09-09T14:51:38.306575Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-252-09",
"initial_release_date": "2025-09-09T06:00:00.000000Z",
"revision_history": [
{
"date": "2025-09-09T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.007",
"product": {
"name": "Rockwell Automation 1783-NATR: \u003c1.007",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "1783-NATR"
}
],
"category": "vendor",
"name": "Rockwell Automation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28895",
"cwe": {
"id": "CWE-1103",
"name": "Use of Platform-Dependent Third Party Components"
},
"notes": [
{
"category": "summary",
"text": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation released a product update addressing this vulnerability:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Version 1.007",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Users of the affected software unable to upgrade to one of the corrected versions should follow Rockwell Automation\u0027s security best practices.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…