Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

CVE-2024-46887 (GCVE-0-2024-46887)

Vulnerability from cvelistv5 – Published: 2024-10-08 08:40 – Updated: 2025-10-21 14:12
VLAI
Summary
The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
Siemens SIMATIC Drive Controller CPU 1504D TF Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC Drive Controller CPU 1507D TF Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP CPU 1510SP F-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP CPU 1510SP F-1 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP CPU 1510SP-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP CPU 1510SP-1 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP CPU 1512SP F-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP CPU 1512SP F-1 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP CPU 1512SP-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP CPU 1512SP-1 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP CPU 1514SP F-2 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP CPU 1514SP-2 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP CPU 1514SPT F-2 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP CPU 1514SPT-2 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS Affected: 0 , < V21.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS Affected: 0 , < V31.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS Affected: 0 , < V31.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511-1 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511C-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511C-1 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511F-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511F-1 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511T-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511T-1 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511TF-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511TF-1 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1512C-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1512C-1 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1513-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1513-1 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1513F-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1513F-1 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1513pro F-2 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1513pro-2 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515-2 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515-2 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515F-2 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515F-2 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515T-2 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515T-2 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515TF-2 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515TF-2 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1516pro F-2 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1516pro-2 PN Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1516T-3 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1516TF-3 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1517-3 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1517F-3 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1517T-3 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1517TF-3 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518T-4 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518TF-4 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller CPU 1507S F V2 Affected: 0 , < V21.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller CPU 1507S F V3 Affected: 0 , < V31.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller CPU 1507S V2 Affected: 0 , < V21.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller CPU 1507S V3 Affected: 0 , < V31.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller CPU 1508S F V2 Affected: 0 , < V21.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller CPU 1508S F V3 Affected: 0 , < V31.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller CPU 1508S T V3 Affected: 0 , < V31.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller CPU 1508S TF V3 Affected: 0 , < V31.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller CPU 1508S V2 Affected: 0 , < V21.9.8 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller CPU 1508S V3 Affected: 0 , < V31.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller Linux V2 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller Linux V3 Affected: 0 , < V31.1.4 (custom)
Create a notification for this product.
Siemens SIMATIC S7-PLCSIM Advanced Affected: 0 , < V7.0 (custom)
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1510SP F-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1510SP-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1510SP-1 PN RAIL Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1512SP-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1512SP-1 PN RAIL Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1511-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1511-1 PN TX RAIL Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1511F-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1513-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1513F-1 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1515F-2 PN Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1515F-2 PN RAIL Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL Affected: 0 , < V2.9.8 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1518F-4 PN/DP Affected: 0 , < V3.1.4 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46887",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T13:51:56.485006Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T14:12:27.657Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Drive Controller CPU 1504D TF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Drive Controller CPU 1507D TF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP CPU 1510SP F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP CPU 1510SP F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP CPU 1510SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP CPU 1510SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP CPU 1512SP F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP CPU 1512SP F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP CPU 1512SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP CPU 1512SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP CPU 1514SP F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP CPU 1514SP-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP CPU 1514SPT F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP CPU 1514SPT-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V31.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V31.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511C-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511C-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511C-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511T-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511T-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511TF-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511TF-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1512C-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1512C-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1512C-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513pro F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513pro-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515T-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515T-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515TF-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515TF-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516pro F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516pro-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1517-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1517F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1517F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1517T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518T-4 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller CPU 1507S F V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller CPU 1507S F V3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V31.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller CPU 1507S V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller CPU 1507S V3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V31.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller CPU 1508S F V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller CPU 1508S F V3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V31.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller CPU 1508S T V3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V31.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller CPU 1508S TF V3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V31.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller CPU 1508S V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller CPU 1508S V3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V31.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller Linux V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller Linux V3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V31.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-PLCSIM Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1510SP F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1510SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1510SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1513F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1513F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1515F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1515F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1515F-2 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1518F-4 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The web server of affected devices do not properly authenticate user request to the \u0027/ClientArea/RuntimeInfoData.mwsl\u0027 endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T09:15:06.254Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-054046.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-46887",
    "datePublished": "2024-10-08T08:40:43.510Z",
    "dateReserved": "2024-09-12T07:44:52.468Z",
    "dateUpdated": "2025-10-21T14:12:27.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43692 (GCVE-0-2024-43692)

Vulnerability from cvelistv5 – Published: 2024-09-24 23:46 – Updated: 2024-09-25 17:00
VLAI
Title
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Authentication Bypass Using an Alternate Path or Channel
Summary
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Dover Fueling Solutions (DFS) ProGauge MAGLINK LX CONSOLE Affected: 0 , ≤ 3.4.2.2.6 (custom)
Create a notification for this product.
Dover Fueling Solutions (DFS) ProGauge MAGLINK LX4 CONSOLE Affected: 0 , ≤ 4.17.9e (custom)
Create a notification for this product.
doverfuelingsolutions maglink_lx_console Affected: 0 , ≤ 3.4.2.2.6 (custom)
    cpe:2.3:a:doverfuelingsolutions:maglink_lx_console:*:*:*:*:*:*:*:*
Create a notification for this product.
doverfuelingsolutions maglink_lx4_console Affected: 0 , ≤ 4.17.9e (custom)
    cpe:2.3:a:doverfuelingsolutions:maglink_lx4_console:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Pedro Umbelino of Bitsight reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:doverfuelingsolutions:maglink_lx_console:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "maglink_lx_console",
            "vendor": "doverfuelingsolutions",
            "versions": [
              {
                "lessThanOrEqual": "3.4.2.2.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:doverfuelingsolutions:maglink_lx4_console:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "maglink_lx4_console",
            "vendor": "doverfuelingsolutions",
            "versions": [
              {
                "lessThanOrEqual": "4.17.9e",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43692",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T16:59:20.584214Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T17:00:19.138Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ProGauge MAGLINK LX CONSOLE",
          "vendor": "Dover Fueling Solutions (DFS)",
          "versions": [
            {
              "lessThanOrEqual": "3.4.2.2.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ProGauge MAGLINK LX4 CONSOLE",
          "vendor": "Dover Fueling Solutions (DFS)",
          "versions": [
            {
              "lessThanOrEqual": "4.17.9e",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pedro Umbelino of Bitsight reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker can directly request the ProGauge MAGLINK LX CONSOLE \nresource sub page with full privileges by requesting the URL directly."
            }
          ],
          "value": "An attacker can directly request the ProGauge MAGLINK LX CONSOLE \nresource sub page with full privileges by requesting the URL directly."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-24T23:46:12.640Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS\u0027s\n authorized service organizations in North America. North American users\n can reach DFS\u0027s customer support team by telephone at 877-679-8324.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS\u0027s\n authorized service organizations in North America. North American users\n can reach DFS\u0027s customer support team by telephone at 877-679-8324."
        }
      ],
      "source": {
        "advisory": "ICSA-24-268-04",
        "discovery": "EXTERNAL"
      },
      "title": "Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Authentication Bypass Using an Alternate Path or Channel",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDFS strongly encourages users of MagLink products to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInstall MagLink consoles behind firewalls for security.\u003c/li\u003e\n\u003cli\u003eMonitor and install updates on a timely basis.\u003c/li\u003e\n\u003cli\u003eContact DFS customer support with any questions about operations or updates of MagLink software.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAlternatively, MagLink may operate offfline or disconnected from a network.\u003c/p\u003e\n\u003cp\u003eRegistered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "DFS strongly encourages users of MagLink products to:\n\n\n\n  *  Install MagLink consoles behind firewalls for security.\n\n  *  Monitor and install updates on a timely basis.\n\n  *  Contact DFS customer support with any questions about operations or updates of MagLink software.\n\n\n\n\nAlternatively, MagLink may operate offfline or disconnected from a network.\n\n\nRegistered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-43692",
    "datePublished": "2024-09-24T23:46:12.640Z",
    "dateReserved": "2024-09-05T20:11:00.318Z",
    "dateUpdated": "2024-09-25T17:00:19.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43234 (GCVE-0-2024-43234)

Vulnerability from cvelistv5 – Published: 2024-12-16 15:36 – Updated: 2026-04-29 09:51
VLAI
Title
WordPress Woffice theme <= 5.4.14 - Unauthenticated Account Takeover vulnerability
Summary
Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This issue affects Woffice: from n/a through <= 5.4.14.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
WofficeIO Woffice Affected: 0 , ≤ 5.4.14 (custom)
Create a notification for this product.
Date Public
2026-04-01 16:27
Credits
Rafie Muhammad | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43234",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-16T18:10:16.276628Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-16T18:10:25.763Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "woffice",
          "product": "Woffice",
          "vendor": "WofficeIO",
          "versions": [
            {
              "changes": [
                {
                  "at": "5.4.15",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "5.4.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rafie Muhammad | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-01T16:27:09.359Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.\u003cp\u003eThis issue affects Woffice: from n/a through \u003c= 5.4.14.\u003c/p\u003e"
            }
          ],
          "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This issue affects Woffice: from n/a through \u003c= 5.4.14."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-29T09:51:53.076Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Theme/woffice/vulnerability/wordpress-woffice-theme-5-4-14-unauthenticated-account-takeover-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Woffice theme \u003c= 5.4.14 - Unauthenticated Account Takeover vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-43234",
    "datePublished": "2024-12-16T15:36:22.166Z",
    "dateReserved": "2024-08-09T09:20:16.409Z",
    "dateUpdated": "2026-04-29T09:51:53.076Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42178 (GCVE-0-2024-42178)

Vulnerability from cvelistv5 – Published: 2025-04-17 21:24 – Updated: 2025-04-18 12:02
VLAI
Title
HCL MyXalytics is affected by a failure to restrict URL access vulnerability
Summary
HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
HCL
Impacted products
Date Public
2025-04-17 21:20
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42178",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T11:46:26.272738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-18T12:02:16.960Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HCL MyXalytics",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            }
          ]
        }
      ],
      "datePublic": "2025-04-17T21:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.\u003cbr\u003e"
            }
          ],
          "value": "HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288  Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-17T21:24:34.799Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120502"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL MyXalytics is affected by a failure to restrict URL access vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2024-42178",
    "datePublished": "2025-04-17T21:24:34.185Z",
    "dateReserved": "2024-07-29T21:32:05.157Z",
    "dateUpdated": "2025-04-18T12:02:16.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41173 (GCVE-0-2024-41173)

Vulnerability from cvelistv5 – Published: 2024-08-27 08:00 – Updated: 2024-08-27 13:07
VLAI
Title
Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD
Summary
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
Beckhoff IPC Diagnostics package Affected: 0 , < 2.0.0.1 (semver)
Create a notification for this product.
Beckhoff TwinCAT/BSD Affected: 0 , < 14.1.2.0 (semver)
Create a notification for this product.
beckhoff twincat\/bsd Affected: 0 , < 2.0.0.1 (semver)
    cpe:2.3:o:beckhoff:twincat\/bsd:-:*:*:*:*:*:*:*
Create a notification for this product.
beckhoff twincat\/bsd Affected: 0 , < 14.1.2.0 (semver)
    cpe:2.3:o:beckhoff:twincat\/bsd:-:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Nozomi Networks Andrea Palanca
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:beckhoff:twincat\\/bsd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "twincat\\/bsd",
            "vendor": "beckhoff",
            "versions": [
              {
                "lessThan": "2.0.0.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:beckhoff:twincat\\/bsd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "twincat\\/bsd",
            "vendor": "beckhoff",
            "versions": [
              {
                "lessThan": "14.1.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41173",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-27T13:04:08.003597Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T13:07:46.907Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "IPC Diagnostics package",
          "vendor": "Beckhoff",
          "versions": [
            {
              "lessThan": "2.0.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TwinCAT/BSD",
          "vendor": "Beckhoff",
          "versions": [
            {
              "lessThan": "14.1.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Nozomi Networks"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Andrea Palanca"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker."
            }
          ],
          "value": "The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-27T08:00:47.054Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-045"
        }
      ],
      "source": {
        "advisory": "VDE-2024-045",
        "defect": [
          "CERT@VDE#641666"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-41173",
    "datePublished": "2024-08-27T08:00:47.054Z",
    "dateReserved": "2024-07-17T13:42:44.525Z",
    "dateUpdated": "2024-08-27T13:07:46.907Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39309 (GCVE-0-2024-39309)

Vulnerability from cvelistv5 – Published: 2024-07-01 21:15 – Updated: 2024-08-02 04:19
VLAI
Title
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Summary
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved in versions 6.5.7 and 7.1.0. No known workarounds are available.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
Impacted products
Vendor Product Version
parse-community parse-server Affected: < 6.5.7
Affected: >= 7.0.0, < 7.1.0
Create a notification for this product.
parse_community parse_server Affected: 6.5.7
Affected: 7.0.0
Affected: 7.1.0
    cpe:2.3:a:parse_community:parse_server:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:parse_community:parse_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "parse_server",
            "vendor": "parse_community",
            "versions": [
              {
                "status": "affected",
                "version": "6.5.7"
              },
              {
                "status": "affected",
                "version": "7.0.0"
              },
              {
                "status": "affected",
                "version": "7.1.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39309",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-02T17:29:00.388525Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T17:32:40.086Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:19:20.712Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r"
          },
          {
            "name": "https://github.com/parse-community/parse-server/pull/9167",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/pull/9167"
          },
          {
            "name": "https://github.com/parse-community/parse-server/pull/9168",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/pull/9168"
          },
          {
            "name": "https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3"
          },
          {
            "name": "https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parse-server",
          "vendor": "parse-community",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.5.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.0.0, \u003c 7.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved in versions 6.5.7 and 7.1.0. No known workarounds are available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-01T21:15:26.242Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r"
        },
        {
          "name": "https://github.com/parse-community/parse-server/pull/9167",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/pull/9167"
        },
        {
          "name": "https://github.com/parse-community/parse-server/pull/9168",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/pull/9168"
        },
        {
          "name": "https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3"
        },
        {
          "name": "https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b"
        }
      ],
      "source": {
        "advisory": "GHSA-c2hr-cqg6-8j6r",
        "discovery": "UNKNOWN"
      },
      "title": "ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-39309",
    "datePublished": "2024-07-01T21:15:26.242Z",
    "dateReserved": "2024-06-21T18:15:22.260Z",
    "dateUpdated": "2024-08-02T04:19:20.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38437 (GCVE-0-2024-38437)

Vulnerability from cvelistv5 – Published: 2024-07-21 07:17 – Updated: 2024-08-02 04:12
VLAI
Title
D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel
Summary
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
D-Link DSL-225 Affected: version BZ_1.00.16 (custom)
Create a notification for this product.
Date Public
2024-07-18 07:05
Credits
Hai Vaknin, Yehuda Smirnov
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38437",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T20:34:54.288682Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T20:35:11.435Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:24.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DSL-225",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "version BZ_1.00.16",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Hai Vaknin, Yehuda Smirnov"
        }
      ],
      "datePublic": "2024-07-18T07:05:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eD-Link \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e- \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCWE-288:Authentication Bypass Using an Alternate Path or Channel\u003c/span\u003e\n\n\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\n\n\u003c/p\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-21T07:17:40.752Z",
        "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "shortName": "INCD"
      },
      "references": [
        {
          "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product is EOL. The Vendor recommends these devices be retired and replaced.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "The product is EOL. The Vendor recommends these devices be retired and replaced."
        }
      ],
      "source": {
        "advisory": "ILVN-2024-0175",
        "discovery": "UNKNOWN"
      },
      "title": "D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
    "assignerShortName": "INCD",
    "cveId": "CVE-2024-38437",
    "datePublished": "2024-07-21T07:17:40.752Z",
    "dateReserved": "2024-06-16T08:00:52.286Z",
    "dateUpdated": "2024-08-02T04:12:24.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38279 (GCVE-0-2024-38279)

Vulnerability from cvelistv5 – Published: 2024-06-13 17:00 – Updated: 2024-08-02 04:04
VLAI
Title
Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
Summary
The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) Affected: 0 , ≤ 3.1.171.9 (custom)
Create a notification for this product.
motorolasolutions vigilant_fixed_lpr_coms_box_bcav1f2_c600 Affected: 0 , ≤ 3.1.171.9 (custom)
    cpe:2.3:a:motorolasolutions:vigilant_fixed_lpr_coms_box_bcav1f2_c600:3.1.171.9:*:*:*:*:*:*:*
Create a notification for this product.
Credits
The Michigan State Police Michigan Cyber Command Center (MC3)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:motorolasolutions:vigilant_fixed_lpr_coms_box_bcav1f2_c600:3.1.171.9:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vigilant_fixed_lpr_coms_box_bcav1f2_c600",
            "vendor": "motorolasolutions",
            "versions": [
              {
                "lessThanOrEqual": "3.1.171.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38279",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T18:21:36.318296Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T18:30:17.758Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:04:25.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
          "vendor": "Motorola Solutions",
          "versions": [
            {
              "lessThanOrEqual": "3.1.171.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "The Michigan State Police Michigan Cyber Command Center (MC3)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eThe affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.\u003c/p\u003e\u003cbr\u003e\n\n"
            }
          ],
          "value": "The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T17:00:20.515Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cbr\u003e\n\n\u003cp\u003eMotorola Solutions recommends the following for each identified vulnerability:\u003c/p\u003e\u003cp\u003eCVE-2024-38279:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUse secure boot implementation with an edit-resistant GRUB partition.\u003c/li\u003e\u003cli\u003eAdditional mitigation consists in limiting the physical access to the device by following the best practices for device mounting.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eEdit-resistant grub partition has been remediated for all vulnerable systems. Motorola Solutions\u003cbr\u003ewill release a secure boot implementation in Fall 2024. All customers will receive the update\u003cbr\u003ethrough OTA (over the air) mechanisms. No further actions are required by customers.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Motorola Solutions recommends the following for each identified vulnerability:\n\nCVE-2024-38279:\n\n  *  Use secure boot implementation with an edit-resistant GRUB partition.\n  *  Additional mitigation consists in limiting the physical access to the device by following the best practices for device mounting.\n\n\nEdit-resistant grub partition has been remediated for all vulnerable systems. Motorola Solutions\nwill release a secure boot implementation in Fall 2024. All customers will receive the update\nthrough OTA (over the air) mechanisms. No further actions are required by customers."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-38279",
    "datePublished": "2024-06-13T17:00:20.515Z",
    "dateReserved": "2024-06-12T16:16:09.648Z",
    "dateUpdated": "2024-08-02T04:04:25.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-37893 (GCVE-0-2024-37893)

Vulnerability from cvelistv5 – Published: 2024-06-17 19:39 – Updated: 2024-08-02 03:57
VLAI
Title
MFA bypass in oauth flow in Firefly III
Summary
Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try sign an OAuth application up to a users profile quite easily if they have created one. The attacker would also need to know the victims username and password. This problem has been patched in Firefly III v6.1.17 and up. Users are advised to upgrade. Users unable to upgrade should Use a unique password for their Firefly III instance and store their password securely, i.e. in a password manager.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
firefly-iii firefly-iii Affected: < 6.1.17
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37893",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-15T19:20:53.573120Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-15T19:21:00.203Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:57:39.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w"
          },
          {
            "name": "https://owasp.org/www-community/attacks/Password_Spraying_Attack",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://owasp.org/www-community/attacks/Password_Spraying_Attack"
          },
          {
            "name": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "firefly-iii",
          "vendor": "firefly-iii",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.1.17"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try sign an OAuth application up to a users profile quite easily if they have created one. The attacker would also need to know the victims username and password. This problem has been patched in Firefly III v6.1.17 and up. Users are advised to upgrade. Users unable to upgrade should Use a unique password for their Firefly III instance and store their password securely, i.e. in a password manager."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-17T19:39:32.438Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w"
        },
        {
          "name": "https://owasp.org/www-community/attacks/Password_Spraying_Attack",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://owasp.org/www-community/attacks/Password_Spraying_Attack"
        },
        {
          "name": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass"
        }
      ],
      "source": {
        "advisory": "GHSA-4gm4-c4mh-4p7w",
        "discovery": "UNKNOWN"
      },
      "title": "MFA bypass in oauth flow in Firefly III"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-37893",
    "datePublished": "2024-06-17T19:39:32.438Z",
    "dateReserved": "2024-06-10T19:54:41.361Z",
    "dateUpdated": "2024-08-02T03:57:39.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35214 (GCVE-0-2024-35214)

Vulnerability from cvelistv5 – Published: 2024-08-20 17:24 – Updated: 2024-09-29 05:02
VLAI
Title
Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows
Summary
A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
BlackBerry CylanceOPTICS for Windows Affected: 3.2 and 3.3
Create a notification for this product.
blackberry cylanceoptics Affected: 3.2
Affected: 3.3
    cpe:2.3:a:blackberry:cylanceoptics:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-08-20 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:blackberry:cylanceoptics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "cylanceoptics",
            "vendor": "blackberry",
            "versions": [
              {
                "status": "affected",
                "version": "3.2"
              },
              {
                "status": "affected",
                "version": "3.3"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35214",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-20T20:04:49.459656Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-20T20:09:41.776Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-29T05:02:37.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/52"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Windows Installer Package"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "CylanceOPTICS for Windows",
          "vendor": "BlackBerry",
          "versions": [
            {
              "status": "affected",
              "version": "3.2 and 3.3"
            }
          ]
        }
      ],
      "datePublic": "2024-08-20T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003etampering\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability in the\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e Cylance\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e"
            }
          ],
          "value": "A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-20T17:24:53.815Z",
        "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "shortName": "blackberry"
      },
      "references": [
        {
          "url": "https://support.blackberry.com/pkb/s/article/140080"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
    "assignerShortName": "blackberry",
    "cveId": "CVE-2024-35214",
    "datePublished": "2024-08-20T17:24:53.815Z",
    "dateReserved": "2024-05-13T21:20:04.327Z",
    "dateUpdated": "2024-09-29T05:02:37.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.