{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Siemens heeft kwetsbaarheden verholpen in diverse producten zoals Analytics Toolkit, Ruggedcom, Industrial Edge Management Pro, SIDIS en TPM.\n\n\n", "title": "Feiten" }, { "category": "description", "text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- (Remote) code execution (root/admin rechten)\n- Toegang tot systeemgegevens\n- Verhogen van rechten\n\nVoor succesvol misbruik van de genoemde kwetsbaarheden moet de kwaadwillende toegang hebben tot de productie-omgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.", "title": "Interpretaties" }, { "category": "description", "text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "general", "text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "title": "CWE-74" }, { "category": "general", "text": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "title": "CWE-79" }, { "category": "general", "text": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "title": "CWE-80" }, { "category": "general", "text": "Improper Control of Resource Identifiers ('Resource Injection')", "title": "CWE-99" }, { "category": "general", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "general", "text": "Numeric Truncation Error", "title": "CWE-197" }, { "category": "general", "text": "Incorrect Privilege Assignment", "title": "CWE-266" }, { "category": "general", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "general", "text": "Improper Authentication", "title": "CWE-287" }, { "category": "general", "text": "Authentication Bypass by Spoofing", "title": "CWE-290" }, { "category": "general", "text": "Improper Certificate Validation", "title": "CWE-295" }, { "category": "general", "text": "Authentication Bypass by Primary Weakness", "title": "CWE-305" }, { "category": "general", "text": "Missing Authentication for Critical Function", "title": "CWE-306" }, { "category": "general", "text": "Improper Restriction of Excessive Authentication Attempts", "title": "CWE-307" }, { "category": "general", "text": "Use of a Broken or Risky Cryptographic Algorithm", "title": "CWE-327" }, { "category": "general", "text": "Insufficient Verification of Data Authenticity", "title": "CWE-345" }, { "category": "general", "text": "Origin Validation Error", "title": "CWE-346" }, { "category": "general", "text": "Improper Verification of Cryptographic Signature", "title": "CWE-347" }, { "category": "general", "text": "Improper Validation of Integrity Check Value", "title": "CWE-354" }, { "category": "general", "text": "Uncontrolled Resource Consumption", "title": "CWE-400" }, { "category": "general", "text": "Authorization Bypass Through User-Controlled Key", "title": "CWE-639" }, { "category": "general", "text": "Allocation of Resources Without Limits or Throttling", "title": "CWE-770" }, { "category": "general", "text": "Inclusion of Functionality from Untrusted Control Sphere", "title": "CWE-829" }, { "category": "general", "text": "Loop with Unreachable Exit Condition ('Infinite Loop')", "title": "CWE-835" }, { "category": "general", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "Incorrect Authorization", "title": "CWE-863" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-225816.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-605717.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-609469.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-628843.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-741509.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-801704.html" }, { "category": "external", "summary": "Reference", "url": "https://cert-portal.siemens.com/productcert/html/ssa-981622.html" } ], "title": "Kwetsbaarheden verholpen in Siemens producten", "tracking": { "current_release_date": "2026-04-14T11:37:21.682429Z", "generator": { "date": "2025-08-04T16:30:00Z", "engine": { "name": "V.A.", "version": "1.3" } }, "id": "NCSC-2026-0112", "initial_release_date": "2026-04-14T11:37:21.682429Z", "revision_history": [ { "date": "2026-04-14T11:37:21.682429Z", "number": "1.0.0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1" } } ], "category": "product_name", "name": "6AG1206-2BB00-7AC2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-2" } } ], "category": "product_name", "name": "6Ag1206-2Bs00-7Ac2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-3" } } ], "category": "product_name", "name": "6Ag1208-0Ba00-7Ac2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-4" } } ], "category": "product_name", "name": "6Ag1216-4Bs00-7Ac2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-5" } } ], "category": "product_name", "name": "6GK5204-0BA00-2GF2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-6" } } ], "category": "product_name", "name": "6GK5204-0BA00-2YF2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-7" } } ], "category": "product_name", "name": "6GK5205-3BB00-2AB2 FIRMWARE" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-8" } } ], "category": "product_name", "name": "6GK5205-3BB00-2AB2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-9" } } ], "category": "product_name", "name": "6GK5205-3BB00-2TB2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-10" } } ], "category": "product_name", "name": "6GK5205-3BF00-2TB2 FIRMWARE" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-11" } } ], "category": "product_name", "name": "6GK5206-2BD00-2AC2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-12" } } ], "category": "product_name", "name": "6GK5206-2GS00-2AC2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-13" } } ], "category": "product_name", "name": "6GK5206-2GS00-2TC2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-14" } } ], "category": "product_name", "name": "6GK5206-2RS00-2AC2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-15" } } ], "category": "product_name", "name": "6GK5208-0BA00-2AB2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-16" } } ], "category": "product_name", "name": "6GK5208-0BA00-2AC2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-17" } } ], "category": "product_name", "name": "6GK5208-0BA00-2FC2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-18" } } ], "category": "product_name", "name": "6GK5208-0GA00-2AC2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-19" } } ], "category": "product_name", "name": "6GK5208-0GA00-2FC2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-20" } } ], "category": "product_name", "name": "6GK5208-0GA00-2TC2 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-21" } } ], "category": "product_name", "name": "6GK5632-2GS00-2AC2 FIRMWARE" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-22" } } ], "category": "product_name", "name": "6GK5646-2GS00-2AC2 FIRMWARE" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-23" } } ], "category": "product_name", "name": "6GK5721-1FC00-0AB0 FIRMWARE" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-24" } } ], "category": "product_name", "name": "6GK5722-1FC00-0AB0 FIRMWARE" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-25" } } ], "category": "product_name", "name": "6GK5734-1FX00-0AA0 FIRMWARE" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-26" } } ], "category": "product_name", "name": "BFCClient" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-27" } } ], "category": "product_name", "name": "CP 1243-1 Firmware (OS)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-28" } } ], "category": "product_name", "name": "CP 1243-7 LTE EU Firmware (OS)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-29" } } ], "category": "product_name", "name": "CP 1243-7 LTE US Firmware (OS)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-30" } } ], "category": "product_name", "name": "CP 1243-8 IRC Firmware (OS)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-31" } } ], "category": "product_name", "name": "CP 1542SP-1 Firmware (OS)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-32" } } ], "category": "product_name", "name": "Industrial Edge - Machine Insight App" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-33" } } ], "category": "product_name", "name": "Industrial Edge - OPC UA Connector" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-34" } } ], "category": "product_name", "name": "Industrial Edge - Opc Ua Connector" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-35" } } ], "category": "product_name", "name": "Industrial Edge - PROFINET IO Connector" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-36" } } ], "category": "product_name", "name": "Industrial Edge - SIMATIC S7 Connector App" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-37" } } ], "category": "product_name", "name": "Industrial Edge - Simatic S7 Connector App" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-38" } } ], "category": "product_name", "name": "Industrial Edge Management" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-39" } } ], "category": "product_name", "name": "Industrial Edge Management Pro V1" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-40" } } ], "category": "product_name", "name": "Industrial Edge Management Pro V2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-41" } } ], "category": "product_name", "name": "Industrial Edge Management Virtual" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-42" } } ], "category": "product_name", "name": "Open PCS 7" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-43" } } ], "category": "product_name", "name": "OpenPCS 7 V8.2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-44" } } ], "category": "product_name", "name": "OpenPCS 7 V9.0" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-45" } } ], "category": "product_name", "name": "OpenPCS 7 V9.1" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-46" } } ], "category": "product_name", "name": "ROX II Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-47" } } ], "category": "product_name", "name": "RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-48" } } ], "category": "product_name", "name": "RUGGEDCOM CROSSBOW Station Access Controller (SAC)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-49" } } ], "category": "product_name", "name": "RUGGEDCOM RM1224 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-50" } } ], "category": "product_name", "name": "RUGGEDCOM RM1224 LTE(4G) EU" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-51" } } ], "category": "product_name", "name": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-52" } } ], "category": "product_name", "name": "RUGGEDCOM RM1224 LTE(4G) NAM" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-53" } } ], "category": "product_name", "name": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-54" } } ], "category": "product_name", "name": "RUGGEDCOM RM1224 LTE4G" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-55" } } ], "category": "product_name", "name": "RUGGEDCOM ROX MX5000" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-56" } } ], "category": "product_name", "name": "RUGGEDCOM ROX MX5000RE" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-57" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1400" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-58" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1500" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-59" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1500 FIRMWARE" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-60" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1501" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-61" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1510" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-62" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1510 FIRMWARE" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-63" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1511" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-64" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1512" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-65" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1524" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-66" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1524 (Hardware)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-67" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX1536" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-68" } } ], "category": "product_name", "name": "RUGGEDCOM ROX RX5000" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-69" } } ], "category": "product_name", "name": "RUGGEDCOM RX1400 (Firmware)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-70" } } ], "category": "product_name", "name": "Ruggedcom Rm1224 Lte Eu" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-71" } } ], "category": "product_name", "name": "Ruggedcom Rm1224 Lte Nam" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-72" } } ], "category": "product_name", "name": "Ruggedcom Rox Mx5000" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-73" } } ], "category": "product_name", "name": "Ruggedcom Rox Rx1500" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-74" } } ], "category": "product_name", "name": "Ruggedcom Rox Rx1501" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-75" } } ], "category": "product_name", "name": "Ruggedcom Rox Rx1512" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-76" } } ], "category": "product_name", "name": "SCALANCE M816-1 (Hardware)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-77" } } ], "category": "product_name", "name": "SCALANCE M826-2 (Hardware)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-78" } } ], "category": "product_name", "name": "SCALANCE M874-2 (Hardware)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-79" } } ], "category": "product_name", "name": "SCALANCE M876-3 (Hardware)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-80" } } ], "category": "product_name", "name": "SCALANCE M876-4 (Hardware)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-81" } } ], "category": "product_name", "name": "SCALANCE MUM856-1 (Hardware)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-82" } } ], "category": "product_name", "name": "SCALANCE S615" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-83" } } ], "category": "product_name", "name": "SCALANCE SC-600 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-84" } } ], "category": "product_name", "name": "SCALANCE SC622-2C" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-24588", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "other", "text": "Missing Authentication for Critical Function", "title": "CWE-306" }, { "category": "other", "text": "Improper Control of Resource Identifiers ('Resource Injection')", "title": "CWE-99" }, { "category": "other", "text": "Use of a Broken or Risky Cryptographic Algorithm", "title": "CWE-327" }, { "category": "description", "text": "Multiple SUSE Linux Enterprise kernel updates across versions 11, 12, and 15 addressed critical security vulnerabilities including use-after-free, heap overflows, race conditions, side-channel leaks, and Wi-Fi protocol flaws, alongside extensive non-security bug fixes.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2020-24588 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-24588.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2020-24588" }, { "cve": "CVE-2020-26139", "cwe": { "id": "CWE-829", "name": "Inclusion of Functionality from Untrusted Control Sphere" }, "notes": [ { "category": "other", "text": "Inclusion of Functionality from Untrusted Control Sphere", "title": "CWE-829" }, { "category": "description", "text": "Multiple security vulnerabilities affecting NetBSD and various SUSE Linux Enterprise kernel versions include flaws in BPF verifier, Bluetooth, Wi-Fi fragmentation, heap overflows, use-after-free bugs, and EAPOL frame handling, with extensive non-security fixes across drivers and subsystems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2020-26139 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-26139.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2020-26139" }, { "cve": "CVE-2020-26140", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "notes": [ { "category": "other", "text": "Origin Validation Error", "title": "CWE-346" }, { "category": "other", "text": "Improper Control of Resource Identifiers ('Resource Injection')", "title": "CWE-99" }, { "category": "other", "text": "Use of a Broken or Risky Cryptographic Algorithm", "title": "CWE-327" }, { "category": "description", "text": "Multiple vulnerabilities in WiFi protocols and drivers, including IEEE 802.11, ALFA Windows 10 driver 6.1316.1209 for AWUS036H, and Linux kernel implementations, allow attackers to inject arbitrary plaintext frames into protected networks across WPA3 and earlier standards.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2020-26140 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-26140.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2020-26140" }, { "cve": "CVE-2020-26141", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "notes": [ { "category": "other", "text": "Incorrect Authorization", "title": "CWE-863" }, { "category": "other", "text": "Improper Validation of Integrity Check Value", "title": "CWE-354" }, { "category": "description", "text": "Multiple security vulnerabilities including Wi-Fi fragmentation flaws, use-after-free, denial-of-service, BPF verifier bugs, heap overflows, and race conditions have been addressed across various SUSE Linux Enterprise kernel updates and an ALFA Windows 10 driver for AWUS036H, impacting WPA/WPA2 networks and kernel stability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2020-26141 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-26141.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2020-26141" }, { "cve": "CVE-2020-26143", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "notes": [ { "category": "other", "text": "Origin Validation Error", "title": "CWE-346" }, { "category": "other", "text": "Improper Control of Resource Identifiers ('Resource Injection')", "title": "CWE-99" }, { "category": "description", "text": "Multiple vulnerabilities in Linux kernel, ALFA Windows 10 driver for AWUS036ACH, and IEEE 802.11 protocols allow attackers to inject malicious WiFi frames and exfiltrate data across WEP, CCMP, GCMP, WPA3, and protected networks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2020-26143 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-26143.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2020-26143" }, { "cve": "CVE-2020-26144", "cwe": { "id": "CWE-290", "name": "Authentication Bypass by Spoofing" }, "notes": [ { "category": "other", "text": "Authentication Bypass by Spoofing", "title": "CWE-290" }, { "category": "description", "text": "Multiple vulnerabilities affect Samsung Galaxy S3 i9305 devices, Linux kernel WiFi implementations, and Windows Wireless Networking, allowing attackers to inject or spoof network packets by exploiting acceptance of plaintext A-MSDU frames with valid RFC1042 headers for EAPOL.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2020-26144 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-26144.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2020-26144" }, { "cve": "CVE-2020-26146", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "notes": [ { "category": "other", "text": "Improper Restriction of Excessive Authentication Attempts", "title": "CWE-307" }, { "category": "other", "text": "Improper Control of Resource Identifiers ('Resource Injection')", "title": "CWE-99" }, { "category": "description", "text": "Multiple vulnerabilities in WiFi implementations, including IEEE 802.11 standards and specific devices like Samsung Galaxy S3 i9305 on Android 4.4.4, allow attackers to inject malicious frames and exfiltrate data via fragmented frame reassembly flaws affecting WEP, WPA, WPA2, WPA3, CCMP, and GCMP protocols.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2020-26146 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-26146.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2020-26146" }, { "cve": "CVE-2020-26147", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "notes": [ { "category": "other", "text": "Improper Restriction of Excessive Authentication Attempts", "title": "CWE-307" }, { "category": "other", "text": "Improper Control of Resource Identifiers ('Resource Injection')", "title": "CWE-99" }, { "category": "description", "text": "Multiple SUSE Linux Enterprise kernel updates across versions 12, 15, and LTSS address critical security vulnerabilities including use-after-free, heap overflows, race conditions, and Wi-Fi protocol flaws, alongside extensive non-security bug fixes.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2020-26147 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-26147.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2020-26147" }, { "cve": "CVE-2021-3712", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "Multiple OpenSSL versions prior to 1.1.1l and 1.0.2za contain buffer overrun and memory disclosure vulnerabilities in ASN.1 string processing, affecting various products including Oracle Siebel CRM, Oracle Communications, NetApp, HPE, and Solarwinds, with CVSS scores up to 7.4.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2021-3712 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-3712.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "baseScore": 7.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2021-3712" }, { "cve": "CVE-2022-0778", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition ('Infinite Loop')" }, "notes": [ { "category": "other", "text": "Loop with Unreachable Exit Condition ('Infinite Loop')", "title": "CWE-835" }, { "category": "description", "text": "A critical vulnerability in OpenSSL's BN_mod_sqrt() function causes infinite loops when parsing crafted certificates with invalid elliptic curve parameters, leading to denial of service across multiple OpenSSL versions and affecting various products including Node.js, Oracle, SAP, and NetApp.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2022-0778 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-0778.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2022-0778" }, { "cve": "CVE-2022-31765", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "description", "text": "A vulnerability in the web interface's change password function allows low privileged users on affected devices to escalate their privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2022-31765 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-31765.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2022-31765" }, { "cve": "CVE-2022-36323", "notes": [ { "category": "description", "text": "Siemens products including SCALANCE, SICAM, Tecnomatix, SITOP, and PowerSys contain vulnerabilities allowing authenticated remote attackers with administrative privileges to inject code or gain root shell access due to improper input sanitization.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2022-36323 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-36323.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseScore": 9.1, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2022-36323" }, { "cve": "CVE-2022-36324", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "other", "text": "Allocation of Resources Without Limits or Throttling", "title": "CWE-770" }, { "category": "description", "text": "Affected devices improperly handle SSL/TLS renegotiation, allowing unauthenticated remote attackers to bypass TCP brute force protections and cause denial of service during the attack.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2022-36324 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-36324.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2022-36324" }, { "cve": "CVE-2022-36325", "cwe": { "id": "CWE-80", "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "title": "CWE-80" }, { "category": "description", "text": "Affected devices improperly sanitize user input in their web interface, enabling an authenticated remote attacker with administrative privileges to execute a DOM-based cross-site scripting (XSS) attack.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2022-36325 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-36325.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseScore": 6.8, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2022-36325" }, { "cve": "CVE-2023-44373", "notes": [ { "category": "description", "text": "Multiple Siemens RUGGEDCOM and SCALANCE devices below versions V8.0 or V2.4.0 contain vulnerabilities allowing authenticated admin users to execute code or spawn root shells due to improper input sanitization, related to CVE-2022-36323.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2023-44373 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-44373.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseScore": 9.1, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2023-44373" }, { "cve": "CVE-2025-2884", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "Multiple vulnerabilities affect the TCG TPM2.0 Reference implementation's CryptHmacSign function and various HPE servers, including local denial of service and out-of-bounds read issues, as detailed in Intel Security Advisory INTEL-SA-01209 and TCG advisories.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2025-2884 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-2884.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "baseScore": 6.6, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2025-2884" }, { "cve": "CVE-2025-6965", "cwe": { "id": "CWE-197", "name": "Numeric Truncation Error" }, "notes": [ { "category": "other", "text": "Numeric Truncation Error", "title": "CWE-197" }, { "category": "description", "text": "Critical vulnerabilities in Oracle Communications Cloud Native Core Unified Data Repository and Oracle Siebel CRM Cloud Applications allow unauthenticated attackers full system compromise, while multiple SQLite and MySQL flaws affect NetApp and other vendors, causing memory corruption and potential data breaches.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2025-6965 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2025-6965" }, { "cve": "CVE-2025-40745", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "other", "text": "Improper Certificate Validation", "title": "CWE-295" }, { "category": "description", "text": "A vulnerability in multiple Siemens software products allows unauthenticated remote attackers to conduct man-in-the-middle attacks by exploiting improper validation of client certificates when connecting to the Analytics Service endpoint.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2025-40745 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40745.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.7, "baseSeverity": "LOW" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2025-40745" }, { "cve": "CVE-2026-24032", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "notes": [ { "category": "other", "text": "Improper Verification of Cryptographic Signature", "title": "CWE-347" }, { "category": "description", "text": "A vulnerability in SINEC NMS versions prior to V4.0 SP3 with UMC allows unauthenticated remote attackers to bypass authentication due to insufficient user identity validation in the UMC component.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2026-24032 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-24032.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2026-24032" }, { "cve": "CVE-2026-25654", "cwe": { "id": "CWE-639", "name": "Authorization Bypass Through User-Controlled Key" }, "notes": [ { "category": "other", "text": "Authorization Bypass Through User-Controlled Key", "title": "CWE-639" }, { "category": "description", "text": "A vulnerability in SINEC NMS versions prior to V4.0 SP3 enables an authenticated remote attacker to bypass authorization controls and reset any user account password.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2026-25654 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25654.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2026-25654" }, { "cve": "CVE-2026-27668", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "notes": [ { "category": "other", "text": "Incorrect Privilege Assignment", "title": "CWE-266" }, { "category": "description", "text": "A vulnerability in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) before version 5.8 allows authenticated User Administrators to escalate privileges and gain access to any device group at any access level.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27668 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27668.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2026-27668" }, { "cve": "CVE-2026-33892", "cwe": { "id": "CWE-305", "name": "Authentication Bypass by Primary Weakness" }, "notes": [ { "category": "other", "text": "Authentication Bypass by Primary Weakness", "title": "CWE-305" }, { "category": "description", "text": "A vulnerability in Industrial Edge Management Pro and Virtual allows unauthenticated remote attackers to bypass authentication and impersonate users by exploiting improperly enforced authentication on remote device connections when the feature is enabled and connection details are known.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33892 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33892.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "baseScore": 7.1, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84" ] } ], "title": "CVE-2026-33892" } ] }