ICSA-22-249-04
Vulnerability from csaf_cisa - Published: 2022-09-06 00:00 - Updated: 2022-09-06 00:00Summary
Hitachi Energy TXpert Hub CoreTec 4
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition on the product, modify configuration, obtain sensitive information from the device, and load malicious firmware.
Critical infrastructure sectors: Energy
Countries/areas deployed: Worldwide
Company headquarters location: Switzerland
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Exploitability: No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity.
6.0 (Medium)
Vendor Fix
Hitachi Energy recommends updating the affected products to the following versions to remediate CVE-2021-35530 and CVE-2021-35531 specifically: TXpert Hub CoreTec 4 version 2.3.0 or higher
Mitigation
Physically protect process control systems from unauthorized direct access.
Mitigation
Do not expose process control systems to the internet.
Mitigation
Use a firewall system with the necessary ports open to separate process control systems from other networks.
Mitigation
Process control systems should not be used for internet surfing, instant messaging, or receiving emails.
Mitigation
Portable computers and removable storage media should be carefully scanned for viruses before connecting to process control systems.
Mitigation
Ensure users of the system have individual user accounts. Shared user accounts should not be used.
Mitigation
Users should have only the necessary rights required.
Mitigation
System default user accounts should be deleted.
Vendor Fix
Additionally, Hitachi Energy recommends following product Security Deployment Guidelines. Recommended practices for the affected product can be found in the TXpert Hub CoreTec 4 Software Manual.
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
For more information, see Hitachi Energy security advisory 8DBD000080
https://search.abb.com/library/Download.aspx?Docu…
6.0 (Medium)
Vendor Fix
Hitachi Energy recommends updating the affected products to the following versions to remediate CVE-2021-35530 and CVE-2021-35531 specifically: TXpert Hub CoreTec 4 version 2.3.0 or higher
Mitigation
Physically protect process control systems from unauthorized direct access.
Mitigation
Do not expose process control systems to the internet.
Mitigation
Use a firewall system with the necessary ports open to separate process control systems from other networks.
Mitigation
Process control systems should not be used for internet surfing, instant messaging, or receiving emails.
Mitigation
Portable computers and removable storage media should be carefully scanned for viruses before connecting to process control systems.
Mitigation
Ensure users of the system have individual user accounts. Shared user accounts should not be used.
Mitigation
Users should have only the necessary rights required.
Mitigation
System default user accounts should be deleted.
Vendor Fix
Additionally, Hitachi Energy recommends following product Security Deployment Guidelines. Recommended practices for the affected product can be found in the TXpert Hub CoreTec 4 Software Manual.
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
For more information, see Hitachi Energy security advisory 8DBD000080
https://search.abb.com/library/Download.aspx?Docu…
6.0 (Medium)
Mitigation
Physically protect process control systems from unauthorized direct access.
Mitigation
Do not expose process control systems to the internet.
Mitigation
Use a firewall system with the necessary ports open to separate process control systems from other networks.
Mitigation
Process control systems should not be used for internet surfing, instant messaging, or receiving emails.
Mitigation
Portable computers and removable storage media should be carefully scanned for viruses before connecting to process control systems.
Mitigation
Ensure users of the system have individual user accounts. Shared user accounts should not be used.
Mitigation
Users should have only the necessary rights required.
Mitigation
System default user accounts should be deleted.
Vendor Fix
Additionally, Hitachi Energy recommends following product Security Deployment Guidelines. Recommended practices for the affected product can be found in the TXpert Hub CoreTec 4 Software Manual.
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
For more information, see Hitachi Energy security advisory 8DBD000080
https://search.abb.com/library/Download.aspx?Docu…
References
Acknowledgments
Hitachi Energy
{
"document": {
"acknowledgments": [
{
"organization": "Hitachi Energy",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition on the product, modify configuration, obtain sensitive information from the device, and load malicious firmware.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-249-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-249-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-249-04 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-249-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-249-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
}
],
"title": "Hitachi Energy TXpert Hub CoreTec 4",
"tracking": {
"current_release_date": "2022-09-06T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-249-04",
"initial_release_date": "2022-09-06T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-09-06T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.2.0 | 2.2.1",
"product": {
"name": "TXpert Hub CoreTec 4: version 2.2.0 2.2.1",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "TXpert Hub CoreTec 4"
},
{
"branches": [
{
"category": "product_version",
"name": "2.0.0 | 2.0.1",
"product": {
"name": "TXpert Hub CoreTec 4: version 2.0.0 2.0.1",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "TXpert Hub CoreTec 4"
},
{
"branches": [
{
"category": "product_version",
"name": "2.1.0 | 2.1.1 | 2.1.2 | 2.1.3",
"product": {
"name": "TXpert Hub CoreTec 4: version 2.1.0 2.1.1 2.1.2 2.1.3",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "TXpert Hub CoreTec 4"
}
],
"category": "vendor",
"name": "Hitachi Energy"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-35530",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability in the application authentication and authorization mechanism in the affected product depends on a token validation of the session identifier. The vulnerability allows an unauthorized modified message to be executed in the server, enabling an attacker to change an existing user \u0027s password, and gain authorized access into the system.CVE-2021-35530 has been assigned to this vulnerability. A CVSS v3 base score of 6.0 has been assigned; the CVSS vector string is (AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35530"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Hitachi Energy recommends updating the affected products to the following versions to remediate CVE-2021-35530 and CVE-2021-35531 specifically: TXpert Hub CoreTec 4 version 2.3.0 or higher",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Physically protect process control systems from unauthorized direct access.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Do not expose process control systems to the internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Use a firewall system with the necessary ports open to separate process control systems from other networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Process control systems should not be used for internet surfing, instant messaging, or receiving emails.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Portable computers and removable storage media should be carefully scanned for viruses before connecting to process control systems.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Ensure users of the system have individual user accounts. Shared user accounts should not be used.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Users should have only the necessary rights required.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "System default user accounts should be deleted.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Additionally, Hitachi Energy recommends following product Security Deployment Guidelines. Recommended practices for the affected product can be found in the TXpert Hub CoreTec 4 Software Manual.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1ZBK000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "For more information, see Hitachi Energy security advisory 8DBD000080",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2021-35531",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An Improper Input Validation vulnerability in a particular configuration setting field of the affected product allows an attacker, who has access to an authorized user with ADMIN or ENGINEER role rights, to inject an operating system (OS) command; this command will then be executed by the system.CVE-2021-35531 has been assigned to this vulnerability. A CVSS v3 base score of 6.0 has been assigned; the CVSS vector string is (AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35531"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Hitachi Energy recommends updating the affected products to the following versions to remediate CVE-2021-35530 and CVE-2021-35531 specifically: TXpert Hub CoreTec 4 version 2.3.0 or higher",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Physically protect process control systems from unauthorized direct access.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Do not expose process control systems to the internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Use a firewall system with the necessary ports open to separate process control systems from other networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Process control systems should not be used for internet surfing, instant messaging, or receiving emails.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Portable computers and removable storage media should be carefully scanned for viruses before connecting to process control systems.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Ensure users of the system have individual user accounts. Shared user accounts should not be used.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Users should have only the necessary rights required.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "System default user accounts should be deleted.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Additionally, Hitachi Energy recommends following product Security Deployment Guidelines. Recommended practices for the affected product can be found in the TXpert Hub CoreTec 4 Software Manual.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1ZBK000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "For more information, see Hitachi Energy security advisory 8DBD000080",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2021-35532",
"cwe": {
"id": "CWE-494",
"name": "Download of Code Without Integrity Check"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in the file upload validation component of the affected product. The vulnerability allows an attacker to gain access to the system and obtain an account with sufficient privilege to then upload a malicious firmware to the product.CVE-2021-35532 has been assigned to this vulnerability. A CVSS v3 base score of 6.0 has been assigned; the CVSS vector string is (AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35532"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Physically protect process control systems from unauthorized direct access.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Do not expose process control systems to the internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Use a firewall system with the necessary ports open to separate process control systems from other networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Process control systems should not be used for internet surfing, instant messaging, or receiving emails.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Portable computers and removable storage media should be carefully scanned for viruses before connecting to process control systems.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Ensure users of the system have individual user accounts. Shared user accounts should not be used.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Users should have only the necessary rights required.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "System default user accounts should be deleted.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Additionally, Hitachi Energy recommends following product Security Deployment Guidelines. Recommended practices for the affected product can be found in the TXpert Hub CoreTec 4 Software Manual.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1ZBK000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "For more information, see Hitachi Energy security advisory 8DBD000080",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…