diff --git a/2019/19xxx/CVE-2019-19276.json b/2019/19xxx/CVE-2019-19276.json
index 8f170ad2bb08..651c5cf06430 100644
--- a/2019/19xxx/CVE-2019-19276.json
+++ b/2019/19xxx/CVE-2019-19276.json
@@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-19276", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI KTP Mobile Panels", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash.\nA manual restart of the device is required to resume operation of the service.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf" } ] } diff --git a/2020/15xxx/CVE-2020-15798.json b/2020/15xxx/CVE-2020-15798.json index 8ec0ff42e14f..96690c0bd388 100644 --- a/2020/15xxx/CVE-2020-15798.json 
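Review bot: The affected range for both products in the CVE-2019-19276 record is carried only as free text in `"version_value": "All versions < V16 Update 4"`, so vulnerability scanners and asset-inventory matching cannot evaluate the bound without parsing prose. The 4.0 record format has a `version_affected` operator for this; where the fixed release is known I would write `"version_affected": "<"` next to `"version_value": "V16 Update 4"`. The same free-text pattern repeats in the other newly populated records in this commit.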
+++ b/2020/15xxx/CVE-2020-15798.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)" + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)\n" } ] }, diff --git a/2020/25xxx/CVE-2020-25242.json b/2020/25xxx/CVE-2020-25242.json index a96b1073d9ac..f06ebbe4c33a 100644 --- a/2020/25xxx/CVE-2020-25242.json +++ b/2020/25xxx/CVE-2020-25242.json 
@@ -1,17 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-25242", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition\non the affected devices. 
\nA cold restart might be necessary in order to recover.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676775.pdf" } ] } diff --git a/2020/28xxx/CVE-2020-28392.json b/2020/28xxx/CVE-2020-28392.json index 28fb87fcd007..4d9d1e9437dd 100644 --- a/2020/28xxx/CVE-2020-28392.json +++ b/2020/28xxx/CVE-2020-28392.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.0.1" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMARIS configuration (All versions). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine." + "value": "A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During installation to default target folder, incorrect permissions are configured for the\napplication folder and subfolders which could allow an attacker to gain persistence or\npotentially escalate privileges should a user with elevated credentials log onto the machine.\n" } ] }, diff --git a/2020/28xxx/CVE-2020-28393.json b/2020/28xxx/CVE-2020-28393.json index f3c3b7d90b29..158dcda82c98 100644 --- a/2020/28xxx/CVE-2020-28393.json +++ b/2020/28xxx/CVE-2020-28393.json 
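Review bot: The new CVE-2020-25242 description copies what look like the advisory's hard line wraps into the string, `condition\non the affected devices. \nA cold restart`, which puts a newline in the middle of a sentence and a space before the second break, and it ends in a trailing `\n`. Consumers that render the text or match on it will see a broken sentence; a single-line value such as `...could cause a Denial-of-Service condition on the affected devices. A cold restart might be necessary in order to recover.` avoids that. The CVE-2020-28392 description hunk further along this line has the same mid-sentence wraps (`configured for the\napplication folder`), as do the CVE-2021-27384 and CVE-2021-27385 records, and the CVE-2020-15798 hunk changes nothing except an appended `\n`.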
@@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-28393", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SCALANCE XM-400 Family", + "version": { + "version_data": [ + { + "version_value": "All versions < V6.4" + } + ] + } + }, + { + "product_name": "SCALANCE XR-500 Family", + "version": { + "version_data": [ + { + "version_value": "All versions < V6.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-682: Incorrect Calculation" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SCALANCE XM-400 Family (All versions < V6.4), SCALANCE XR-500 Family (All versions < V6.4). The OSPF protocol implementation in affected devices incorrectly handles the number of LSA fields in combination with other modified fields.\n\nAn unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25660.json b/2021/25xxx/CVE-2021-25660.json index 9807984d54e1..611841780ea9 100644 
--- a/2021/25xxx/CVE-2021-25660.json
+++ b/2021/25xxx/CVE-2021-25660.json
@@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-25660", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Runtime Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-788: Access of Memory Location After End of Buffer" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. 
SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25661.json b/2021/25xxx/CVE-2021-25661.json index 66bf75b99481..20cc17067094 100644 --- a/2021/25xxx/CVE-2021-25661.json +++ b/2021/25xxx/CVE-2021-25661.json 
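Review bot: The inch marks in the product names and description of CVE-2021-25660 are escaped twice: `7\\\" & 15\\\"` decodes to `7\" & 15\"`, so every consumer gets a literal backslash inside the product name. That breaks exact-match lookups of the affected product against inventories and other advisories; a single JSON escape is enough, `"SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants)"`. The same over-escaping appears in the `4\\\" - 22\\\"` product name and in the records for CVE-2021-25661, CVE-2021-25662 and CVE-2021-27383 through CVE-2021-27386.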
@@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-25661", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Runtime Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-788: Access of Memory Location After End of Buffer" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. 
SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25662.json b/2021/25xxx/CVE-2021-25662.json index 166d10fe8b8c..fb4ef22cc0ff 100644 --- a/2021/25xxx/CVE-2021-25662.json +++ b/2021/25xxx/CVE-2021-25662.json 
@@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-25662", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Runtime Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-755: Improper Handling of Exceptional Conditions" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. 
SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4). SmartVNC client fails to handle an exception properly if the program execution process is modified after sending a packet from the server, which could result in a Denial-of-Service condition.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf" } ] } diff --git a/2021/27xxx/CVE-2021-27383.json b/2021/27xxx/CVE-2021-27383.json index d7b8af90e71b..23c6418e51a2 100644 --- a/2021/27xxx/CVE-2021-27383.json +++ b/2021/27xxx/CVE-2021-27383.json 
@@ -1,17 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-27383", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Runtime Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. 
SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf" + }, + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf" } ] } diff --git a/2021/27xxx/CVE-2021-27384.json b/2021/27xxx/CVE-2021-27384.json index 0fbfb69e813f..5de25166c983 100644 --- a/2021/27xxx/CVE-2021-27384.json +++ b/2021/27xxx/CVE-2021-27384.json 
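Review bot: The `problemtype` for CVE-2021-27383 does not appear to match its description: the text reports a "heap allocation leak" leading to Denial-of-Service, while the record is tagged `CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer`. If the issue is a leak rather than an out-of-bounds access, `CWE-401: Missing Release of Memory after Effective Lifetime` looks like the closer fit, and the difference matters to anyone triaging by CWE, since CWE-119 reads as memory corruption. This should be confirmed against the vendor advisory before changing it; CVE-2021-27386 pairs the same wording with the same CWE.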
@@ -1,17 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-27384", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Runtime Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-788: Access of Memory Location After End of Buffer" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. 
SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side,\nwhich can potentially result in code execution.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf" + }, + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf" } ] } diff --git a/2021/27xxx/CVE-2021-27385.json b/2021/27xxx/CVE-2021-27385.json index 930afb339f9c..1fcfe5d4fffb 100644 --- a/2021/27xxx/CVE-2021-27385.json +++ b/2021/27xxx/CVE-2021-27385.json 
@@ -1,17 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-27385", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Runtime Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. 
SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side,\nwhich could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf" + }, + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf" } ] } diff --git a/2021/27xxx/CVE-2021-27386.json b/2021/27xxx/CVE-2021-27386.json index 8528932124eb..8153fe2c0419 100644 --- a/2021/27xxx/CVE-2021-27386.json +++ b/2021/27xxx/CVE-2021-27386.json 
@@ -1,17 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-27386", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Runtime Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. 
SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4). SmartVNC has a heap allocation leak vulnerability in the device layout handler on client side, which could result in a Denial-of-Service condition.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf" + }, + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf" } ] } diff --git a/2021/27xxx/CVE-2021-27396.json b/2021/27xxx/CVE-2021-27396.json index 1f6c99fd914b..4043a7947106 100644 --- a/2021/27xxx/CVE-2021-27396.json +++ b/2021/27xxx/CVE-2021-27396.json 
@@ -1,17 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-27396", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation", + "version": { + "version_data": [ + { + "version_value": "All versions < V16.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a stack based buffer overflow, a different vulnerability than CVE-2021-27398.\n\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13279)\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf" } ] } diff --git a/2021/27xxx/CVE-2021-27397.json b/2021/27xxx/CVE-2021-27397.json index e75d9b75c870..200ccf02eb24 100644 --- a/2021/27xxx/CVE-2021-27397.json +++ b/2021/27xxx/CVE-2021-27397.json 
@@ -1,17 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-27397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation", + "version": { + "version_data": [ + { + "version_value": "All versions < V16.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a memory corruption condition.\n\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13287)\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf" } ] } diff --git a/2021/27xxx/CVE-2021-27398.json b/2021/27xxx/CVE-2021-27398.json index 8b900d260f48..eea9b26f6dc9 100644 --- a/2021/27xxx/CVE-2021-27398.json +++ b/2021/27xxx/CVE-2021-27398.json 
@@ -1,17 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-27398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation", + "version": { + "version_data": [ + { + "version_value": "All versions < V16.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a stack based buffer overflow, a different vulnerability than CVE-2021-27396.\n\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13290)\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31339.json b/2021/31xxx/CVE-2021-31339.json index 96bd52aa31e8..d955f5330210 100644 --- a/2021/31xxx/CVE-2021-31339.json +++ b/2021/31xxx/CVE-2021-31339.json 
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
 "ID": "CVE-2021-31339",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mendix Excel Importer Module",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V9.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-209: Generation of Error Message Containing Sensitive Information"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3). Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework.\n"
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-854248.pdf"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31341.json b/2021/31xxx/CVE-2021-31341.json
index f97c2f417e39..dbd026c0d3f2 100644
--- a/2021/31xxx/CVE-2021-31341.json
+++ b/2021/31xxx/CVE-2021-31341.json
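Review bot: No severity data accompanies the record now that it is `PUBLIC`: the new side adds `affects`, `problemtype` and `references` but no `impact` block, so triage tooling has to take the score from the linked PDF. If the advisory publishes a CVSS vector, carrying it in an `impact` object would make the record usable for automated prioritisation. The description also does not say whether the XML upload requires an authenticated user, which matters when assessing exposure. The hunks for CVE-2021-27397, CVE-2021-27398 and CVE-2021-31341 lack `impact` as well.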
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
 "ID": "CVE-2021-31341",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mendix Database Replication",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V7.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-209: Generation of Error Message Containing Sensitive Information"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been identified in Mendix Database Replication (All versions < V7.0.1). Uploading a table mapping using a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework.\n"
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf"
 }
 ]
 }