VDE-2021-048
Vulnerability from csaf_lenzese - Published: 2021-10-04 12:33 - Updated: 2021-10-04 12:33Summary
Lenze: Multiple Vulnerabilities in CODESYS Control V2 communication
Notes
Summary: The affected products contain a CODESYS Control runtime system in version V2. They are therefore affected by the
vulnerability described in CODESYS Advisory 2021-06. It provides a communication server for the communication with clients like the CODESYS Development System.
The 9400 servo inverters is only affected if the communication Path via the inserted EtherNet Module E94AYCEN on slot MXI1 or MXI2 is used. If the Module E94AYCEN is used, the following Versions are affected.
Product Identification: E94xSHxxx (Single Drive, High Line)
Product Identification: E94xMHxxx (Multi Drive, High Line)
Remark: If the product identification of your 9400 product does not fit to the above mentioned identification, please contact Lenze at Security.de@Lenze.com.
The Versions P (power supply module) and R (regenerative power supply module) are not affected. Furthermore, the Variant P (PLC) and the Variant S (StateLine) are not affected. The communication paths via the diagnostic interface X6, the system bus (CAN) X1 or the field buses (other than the named Ethernet module) that can be plugged into the module slots MXI1 or MXI2 are not affected.
The focus is therefore on 9400 servo inverters with the product-identification E94x{S/M}{H}... with a plugged in Ethernet module E94AYCEN... in module slot MXI1 or MXI2 and communication with the Engineer-Tools via exactly this channel.
In addition to the standard tool Engineer, there is also a special Version of the PLC Designer (Version 0.x). The communication path to the PLC Designer is not considered with the planned update and the vulnerabilities here remain even after the update. Here, the customer must provide a secure Environment, see Mitigation.
Impact: A crafted request may cause a heap-based, a stack-based buffer overflow or a buffer over-read in the affected products, resulting in a denial-of-service condition or being utilized for remote code execution.
The crafted requests are only processed on the products, if no online password is configured on the products or if the attacker has previously successfully authenticated himself at the affected products.
Mitigation: As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:
- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.
- Use firewalls to protect the automation system network and to separate it from other networks.
Remark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.
- Use Virtual Private Networks (VPN) tunnels when remote access is required.
- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.
- Activate and use user administration and password functions.
- Use encrypted communication links.
Restrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.
- Protect the development tool by using the latest virus detection solutions.
Remediation: The affected products
- Embedded Line EL 1800-9800
- Command Station CS 5800-9800
- Control Cabinet PC 2800
- EL100 PLC
are at the end of life and are no longer available. A further development or adaption of the
products is no longer planned and no longer possible from the process of discontinuation.
The affected product
- 9400 servo inverters
in the constellation described above will be revised in the next product release. An update is
planned for Q2 2022.
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
9.8 (Critical)
Mitigation
As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:
- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.
- Use firewalls to protect the automation system network and to separate it from other networks.
Remark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.
- Use Virtual Private Networks (VPN) tunnels when remote access is required.
- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.
- Activate and use user administration and password functions.
- Use encrypted communication links.
Restrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.
- Protect the development tool by using the latest virus detection solutions.
Vendor Fix
The affected products
- Embedded Line EL 1800-9800
- Command Station CS 5800-9800
- Control Cabinet PC 2800
- EL100 PLC
are at the end of life and are no longer available. A further development or adaption of the
products is no longer planned and no longer possible from the process of discontinuation.
The affected product
- 9400 servo inverters
in the constellation described above will be revised in the next product release. An update is
planned for Q2 2022.
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
7.5 (High)
Mitigation
As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:
- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.
- Use firewalls to protect the automation system network and to separate it from other networks.
Remark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.
- Use Virtual Private Networks (VPN) tunnels when remote access is required.
- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.
- Activate and use user administration and password functions.
- Use encrypted communication links.
Restrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.
- Protect the development tool by using the latest virus detection solutions.
Vendor Fix
The affected products
- Embedded Line EL 1800-9800
- Command Station CS 5800-9800
- Control Cabinet PC 2800
- EL100 PLC
are at the end of life and are no longer available. A further development or adaption of the
products is no longer planned and no longer possible from the process of discontinuation.
The affected product
- 9400 servo inverters
in the constellation described above will be revised in the next product release. An update is
planned for Q2 2022.
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
7.5 (High)
Mitigation
As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:
- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.
- Use firewalls to protect the automation system network and to separate it from other networks.
Remark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.
- Use Virtual Private Networks (VPN) tunnels when remote access is required.
- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.
- Activate and use user administration and password functions.
- Use encrypted communication links.
Restrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.
- Protect the development tool by using the latest virus detection solutions.
Vendor Fix
The affected products
- Embedded Line EL 1800-9800
- Command Station CS 5800-9800
- Control Cabinet PC 2800
- EL100 PLC
are at the end of life and are no longer available. A further development or adaption of the
products is no longer planned and no longer possible from the process of discontinuation.
The affected product
- 9400 servo inverters
in the constellation described above will be revised in the next product release. An update is
planned for Q2 2022.
References
Acknowledgments
CERT@VDE
certvde.com
Positive Technologies
Sergey Fedonin
Denis Goryushev
Anton Dorfman
SCADAfence
Yossi Reuven
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Sergey Fedonin",
"Denis Goryushev",
"Anton Dorfman"
],
"organization": "Positive Technologies",
"summary": "discovered and reported"
},
{
"names": [
"Yossi Reuven"
],
"organization": "SCADAfence",
"summary": "discovered and reported"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "The affected products contain a CODESYS Control runtime system in version V2. They are therefore affected by the\nvulnerability described in CODESYS Advisory 2021-06. It provides a communication server for the communication with clients like the CODESYS Development System.\n\nThe 9400 servo inverters is only affected if the communication Path via the inserted EtherNet Module E94AYCEN on slot MXI1 or MXI2 is used. If the Module E94AYCEN is used, the following Versions are affected.\n\nProduct Identification: E94xSHxxx (Single Drive, High Line)\nProduct Identification: E94xMHxxx (Multi Drive, High Line)\n\nRemark: If the product identification of your 9400 product does not fit to the above mentioned identification, please contact Lenze at Security.de@Lenze.com.\n\nThe Versions P (power supply module) and R (regenerative power supply module) are not affected. Furthermore, the Variant P (PLC) and the Variant S (StateLine) are not affected. The communication paths via the diagnostic interface X6, the system bus (CAN) X1 or the field buses (other than the named Ethernet module) that can be plugged into the module slots MXI1 or MXI2 are not affected.\n\nThe focus is therefore on 9400 servo inverters with the product-identification E94x{S/M}{H}... with a plugged in Ethernet module E94AYCEN... in module slot MXI1 or MXI2 and communication with the Engineer-Tools via exactly this channel.\n\nIn addition to the standard tool Engineer, there is also a special Version of the PLC Designer (Version 0.x). The communication path to the PLC Designer is not considered with the planned update and the vulnerabilities here remain even after the update. Here, the customer must provide a secure Environment, see Mitigation.",
"title": "Summary"
},
{
"category": "description",
"text": "A crafted request may cause a heap-based, a stack-based buffer overflow or a buffer over-read in the affected products, resulting in a denial-of-service condition or being utilized for remote code execution.\n\nThe crafted requests are only processed on the products, if no online password is configured on the products or if the attacker has previously successfully authenticated himself at the affected products.",
"title": "Impact"
},
{
"category": "description",
"text": "As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:\n\n- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.\n- Use firewalls to protect the automation system network and to separate it from other networks.\n\n\nRemark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.\n\n- Use Virtual Private Networks (VPN) tunnels when remote access is required.\n- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.\n- Activate and use user administration and password functions.\n- Use encrypted communication links.\nRestrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.\n- Protect the development tool by using the latest virus detection solutions.",
"title": "Mitigation"
},
{
"category": "description",
"text": "The affected products\n\n- Embedded Line EL 1800-9800\n- Command Station CS 5800-9800\n- Control Cabinet PC 2800\n- EL100 PLC\n\nare at the end of life and are no longer available. A further development or adaption of the\nproducts is no longer planned and no longer possible from the process of discontinuation.\n\nThe affected product\n\n- 9400 servo inverters\n\nin the constellation described above will be revised in the next product release. An update is\nplanned for Q2 2022.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@lenze.com",
"name": "Lenze SE",
"namespace": "https://www.lenze.com"
},
"references": [
{
"category": "external",
"summary": "Lenze advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/lenze/"
},
{
"category": "self",
"summary": "VDE-2021-048: Lenze: Multiple Vulnerabilities in CODESYS Control V2 communication - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-048"
},
{
"category": "self",
"summary": "VDE-2021-048: Lenze: Multiple Vulnerabilities in CODESYS Control V2 communication - CSAF",
"url": "https://lenze.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-048.json"
}
],
"title": "Lenze: Multiple Vulnerabilities in CODESYS Control V2 communication",
"tracking": {
"aliases": [
"VDE-2021-048"
],
"current_release_date": "2021-10-04T12:33:00.000Z",
"generator": {
"date": "2025-03-24T12:03:41.535Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.21"
}
},
"id": "VDE-2021-048",
"initial_release_date": "2021-10-04T12:33:00.000Z",
"revision_history": [
{
"date": "2021-10-04T12:33:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Command Station CS 5800-9800",
"product": {
"name": "Command Station CS 5800-9800",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "Control Cabinet PC 2800",
"product": {
"name": "Control Cabinet PC 2800",
"product_id": "CSAFPID-11002"
}
},
{
"category": "product_name",
"name": "EL100 PLC",
"product": {
"name": "EL100 PLC",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "Embedded Line EL 1800-9800",
"product": {
"name": "Embedded Line EL 1800-9800",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "EtherNet Module E94AYCEN on slot MXI1 or MXI2 in 9400 servo inverters",
"product": {
"name": "EtherNet Module E94AYCEN on slot MXI1 or MXI2 in 9400 servo inverters",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"E94xSHxxx"
]
}
}
},
{
"category": "product_name",
"name": "EtherNet Module E94AYCEN on slot MXI1 or MXI2 in 9400 servo inverters",
"product": {
"name": "EtherNet Module E94AYCEN on slot MXI1 or MXI2 in 9400 servo inverters",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"E94xMHxxx"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=V15.02.04",
"product": {
"name": "Firmware \u003c=V15.02.04",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Weidmueller"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
],
"summary": "Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Command Station CS 5800-9800",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Control Cabinet PC 2800",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on EL100 PLC",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Embedded Line EL 1800-9800",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V15.02.04 installed on EtherNet Module E94AYCEN on slot MXI1 or MXI2 in 9400 servo inverters",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30188",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:\n\n- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.\n- Use firewalls to protect the automation system network and to separate it from other networks.\n\n\nRemark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.\n\n- Use Virtual Private Networks (VPN) tunnels when remote access is required.\n- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.\n- Activate and use user administration and password functions.\n- Use encrypted communication links.\nRestrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.\n- Protect the development tool by using the latest virus detection solutions.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The affected products\n\n- Embedded Line EL 1800-9800\n- Command Station CS 5800-9800\n- Control Cabinet PC 2800\n- EL100 PLC\n\nare at the end of life and are no longer available. A further development or adaption of the\nproducts is no longer planned and no longer possible from the process of discontinuation.\n\nThe affected product\n\n- 9400 servo inverters\n\nin the constellation described above will be revised in the next product release. An update is\nplanned for Q2 2022.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30188"
},
{
"cve": "CVE-2021-30195",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:\n\n- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.\n- Use firewalls to protect the automation system network and to separate it from other networks.\n\n\nRemark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.\n\n- Use Virtual Private Networks (VPN) tunnels when remote access is required.\n- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.\n- Activate and use user administration and password functions.\n- Use encrypted communication links.\nRestrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.\n- Protect the development tool by using the latest virus detection solutions.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The affected products\n\n- Embedded Line EL 1800-9800\n- Command Station CS 5800-9800\n- Control Cabinet PC 2800\n- EL100 PLC\n\nare at the end of life and are no longer available. A further development or adaption of the\nproducts is no longer planned and no longer possible from the process of discontinuation.\n\nThe affected product\n\n- 9400 servo inverters\n\nin the constellation described above will be revised in the next product release. An update is\nplanned for Q2 2022.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30188"
},
{
"cve": "CVE-2021-30186",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:\n\n- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.\n- Use firewalls to protect the automation system network and to separate it from other networks.\n\n\nRemark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.\n\n- Use Virtual Private Networks (VPN) tunnels when remote access is required.\n- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.\n- Activate and use user administration and password functions.\n- Use encrypted communication links.\nRestrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.\n- Protect the development tool by using the latest virus detection solutions.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The affected products\n\n- Embedded Line EL 1800-9800\n- Command Station CS 5800-9800\n- Control Cabinet PC 2800\n- EL100 PLC\n\nare at the end of life and are no longer available. A further development or adaption of the\nproducts is no longer planned and no longer possible from the process of discontinuation.\n\nThe affected product\n\n- 9400 servo inverters\n\nin the constellation described above will be revised in the next product release. An update is\nplanned for Q2 2022.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30186"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…