CWE-754
Allowed-with-ReviewImproper Check for Unusual or Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
905 vulnerabilities reference this CWE, most recent first.
CVE-2022-22180 (GCVE-0-2022-22180)
Vulnerability from cvelistv5 – Published: 2022-01-19 00:21 – Updated: 2024-09-17 02:42- CWE-754 - Improper Check for Unusual or Exceptional Conditions
- Denial of Service (DoS)
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11286 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
18.4 , < 18.4R2-S10, 18.4R3-S10
(custom)
Affected: 19.1 , < 19.1R3-S7 (custom) Affected: 19.2 , < 19.2R1-S8, 19.2R3-S4 (custom) Affected: 19.3 , < 19.3R3-S5 (custom) Affected: 19.4 , < 19.4R3-S7 (custom) Affected: 20.1 , < 20.1R3-S3 (custom) Affected: 20.2 , < 20.2R3-S3 (custom) Affected: 20.3 , < 20.3R3-S2 (custom) Affected: 20.4 , < 20.4R3-S1 (custom) Affected: 21.1 , < 21.1R2-S2, 21.1R3 (custom) Affected: 21.2 , < 21.2R1-S2, 21.2R2 (custom) Affected: 21.3 , < 21.3R1-S1, 21.3R2 (custom) |
|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 18.4R2-S10, 18.4R3-S10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11286"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX2300 Series, EX2300-MP Series, EX3400 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R2-S10, 18.4R3-S10",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S7",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S8, 19.2R3-S4",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S5",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S7",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S1",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2-S2, 21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R1-S2, 21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R1-S1, 21.3R2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R2-S10, 18.4R3-S10",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or a crash of the fxpc process. An indication of the issue occurring may be observed through the following log messages: Sep 13 17:14:59 hostname : %PFE-3: fpc0 (buf alloc) failed allocating packet buffer Sep 13 17:14:59 hostname : %PFE-7: fpc0 brcm_pkt_buf_alloc:393 (buf alloc) failed allocating packet buffer When Packet DMA heap utilization reaches 99%, the system will become unstable. Packet DMA heap utilization can be monitored using the command: user@junos# request pfe execute target fpc0 timeout 30 command \"show heap\" ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 213301a8 536870488 387228840 149641648 27 Kernel 1 91800000 8388608 3735120 4653488 55 DMA 2 92000000 75497472 74452192 1045280 1 PKT DMA DESC 3 d330000 335544320 257091400 78452920 23 Bcm_sdk 4 96800000 184549376 2408 184546968 99 Packet DMA \u003c\u003c\u003c\u003c 5 903fffe0 20971504 20971504 0 0 Blob This issue affects: Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S10, 18.4R3-S10 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.1 versions prior to 19.1R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.3 versions prior to 19.3R3-S5 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.4 versions prior to 19.4R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.1 versions prior to 20.1R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.2 versions prior to 20.2R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.3 versions prior to 20.3R3-S2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.4 versions prior to 20.4R3-S1 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.1 versions prior to 21.1R2-S2, 21.1R3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.2 versions prior to 21.2R1-S2, 21.2R2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.3 versions prior to 21.3R1-S1, 21.3R2 on EX2300 Series, EX2300-MP Series, EX3400 Series."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-19T00:21:31.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11286"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1-S2, 21.2R2, 21.2R3, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11286",
"defect": [
"1619970"
],
"discovery": "USER"
},
"title": "Junos OS: EX2300 Series, EX2300-MP Series, EX3400 Series: A slow memory leak due to processing of specific IPv6 packets",
"workarounds": [
{
"lang": "en",
"value": "If IPv6 is not used in the environment, to prevent the issue an administrator can apply a firewall filter for blocking IPv6 packets on the ingress port where the traffic might be received:\n [firewall family ethernet-switching filter BLOCK-IPv6 interface-specific]\n [firewall family ethernet-switching filter BLOCK-IPv6 term 1 from ether-type ipv6]\n [firewall family ethernet-switching filter BLOCK-IPv6 term 1 then discard]\n [firewall family ethernet-switching filter BLOCK-IPv6 term 1 then count BLOCK-IPv6_COUNT]\n [firewall family ethernet-switching filter BLOCK-IPv6 term default then accept]\n [interfaces \u003cinterface ID\u003e family ethernet-switching filter input BLOCK-IPv6]"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22180",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX2300 Series, EX2300-MP Series, EX3400 Series: A slow memory leak due to processing of specific IPv6 packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S10, 18.4R3-S10"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S7"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S5"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S7"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3-S3"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3-S2"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3-S1"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2-S2, 21.1R3"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R1-S2, 21.2R2"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R1-S1, 21.3R2"
},
{
"version_affected": "!\u003c",
"version_value": "18.4R2-S10, 18.4R3-S10"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or a crash of the fxpc process. An indication of the issue occurring may be observed through the following log messages: Sep 13 17:14:59 hostname : %PFE-3: fpc0 (buf alloc) failed allocating packet buffer Sep 13 17:14:59 hostname : %PFE-7: fpc0 brcm_pkt_buf_alloc:393 (buf alloc) failed allocating packet buffer When Packet DMA heap utilization reaches 99%, the system will become unstable. Packet DMA heap utilization can be monitored using the command: user@junos# request pfe execute target fpc0 timeout 30 command \"show heap\" ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 213301a8 536870488 387228840 149641648 27 Kernel 1 91800000 8388608 3735120 4653488 55 DMA 2 92000000 75497472 74452192 1045280 1 PKT DMA DESC 3 d330000 335544320 257091400 78452920 23 Bcm_sdk 4 96800000 184549376 2408 184546968 99 Packet DMA \u003c\u003c\u003c\u003c 5 903fffe0 20971504 20971504 0 0 Blob This issue affects: Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S10, 18.4R3-S10 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.1 versions prior to 19.1R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.3 versions prior to 19.3R3-S5 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.4 versions prior to 19.4R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.1 versions prior to 20.1R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.2 versions prior to 20.2R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.3 versions prior to 20.3R3-S2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.4 versions prior to 20.4R3-S1 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.1 versions prior to 21.1R2-S2, 21.1R3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.2 versions prior to 21.2R1-S2, 21.2R2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.3 versions prior to 21.3R1-S1, 21.3R2 on EX2300 Series, EX2300-MP Series, EX3400 Series."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11286",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11286"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1-S2, 21.2R2, 21.2R3, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11286",
"defect": [
"1619970"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "If IPv6 is not used in the environment, to prevent the issue an administrator can apply a firewall filter for blocking IPv6 packets on the ingress port where the traffic might be received:\n [firewall family ethernet-switching filter BLOCK-IPv6 interface-specific]\n [firewall family ethernet-switching filter BLOCK-IPv6 term 1 from ether-type ipv6]\n [firewall family ethernet-switching filter BLOCK-IPv6 term 1 then discard]\n [firewall family ethernet-switching filter BLOCK-IPv6 term 1 then count BLOCK-IPv6_COUNT]\n [firewall family ethernet-switching filter BLOCK-IPv6 term default then accept]\n [interfaces \u003cinterface ID\u003e family ethernet-switching filter input BLOCK-IPv6]"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22180",
"datePublished": "2022-01-19T00:21:31.093Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:42:37.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22171 (GCVE-0-2022-22171)
Vulnerability from cvelistv5 – Published: 2022-01-19 00:21 – Updated: 2024-09-16 16:43- Denial of Service (DoS)
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11277 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 19.4R1
(custom)
Affected: 19.4 , < 19.4R3-S7 (custom) Affected: 20.1 , < 20.1R3-S3 (custom) Affected: 20.2 , < 20.2R3-S3 (custom) Affected: 20.3 , < 20.3R3-S2 (custom) Affected: 20.4 , < 20.4R3-S1 (custom) Affected: 21.1 , < 21.1R3 (custom) Affected: 21.2 , < 21.2R2 (custom) Affected: 21.3 , < 21.3R1-S1, 21.3R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S7",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S1",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R1-S1, 21.3R2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "For this issue to be exploitable a configuration like the following will have to exist:\n\n [ routing-instances \u003cRI-name\u003e instance-type virtual-switch ]\n [ routing-instances \u003cRI-name\u003e bridge-domains \u003cBD-name\u003e vlan-id \u003cvlan#n\u003e ]\n [ routing-instances \u003cRI-name\u003e bridge-domains \u003cBD-name\u003e vxlan ... ]\n [ interfaces ae0 unit \u003cunit#\u003e vlan-id \u003cvlan#n\u003e ]\n [ interfaces ae0 unit \u003cunit#\u003e family inet(6) address ... ]"
}
],
"datePublic": "2022-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect versions of Junos OS prior to 19.4R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-19T00:21:18.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11277"
}
],
"solutions": [
{
"lang": "en",
"value": "The following Junos OS software releases have been updated to resolve this specific issue: 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R2, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11277",
"defect": [
"1625292"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: Specific packets over VXLAN cause FPC reset",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22171",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Specific packets over VXLAN cause FPC reset"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R1-S1, 21.3R2"
},
{
"version_affected": "!\u003c",
"version_value": "19.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "For this issue to be exploitable a configuration like the following will have to exist:\n\n [ routing-instances \u003cRI-name\u003e instance-type virtual-switch ]\n [ routing-instances \u003cRI-name\u003e bridge-domains \u003cBD-name\u003e vlan-id \u003cvlan#n\u003e ]\n [ routing-instances \u003cRI-name\u003e bridge-domains \u003cBD-name\u003e vxlan ... ]\n [ interfaces ae0 unit \u003cunit#\u003e vlan-id \u003cvlan#n\u003e ]\n [ interfaces ae0 unit \u003cunit#\u003e family inet(6) address ... ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect versions of Junos OS prior to 19.4R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11277",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11277"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following Junos OS software releases have been updated to resolve this specific issue: 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R2, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11277",
"defect": [
"1625292"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22171",
"datePublished": "2022-01-19T00:21:18.633Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:43:40.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21676 (GCVE-0-2022-21676)
Vulnerability from cvelistv5 – Published: 2022-01-12 18:25 – Updated: 2025-04-23 19:13- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://github.com/socketio/engine.io/security/ad… | x_refsource_CONFIRM |
| https://github.com/socketio/engine.io/commit/66f8… | x_refsource_MISC |
| https://github.com/socketio/engine.io/commit/a708… | x_refsource_MISC |
| https://github.com/socketio/engine.io/commit/c0e1… | x_refsource_MISC |
| https://github.com/socketio/engine.io/releases/ta… | x_refsource_MISC |
| https://github.com/socketio/engine.io/releases/ta… | x_refsource_MISC |
| https://github.com/socketio/engine.io/releases/ta… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2022020… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/socketio/engine.io/releases/tag/4.1.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/socketio/engine.io/releases/tag/5.2.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/socketio/engine.io/releases/tag/6.1.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220209-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:58:14.583594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:13:15.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "engine.io",
"vendor": "socketio",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.2"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.2.1"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T23:06:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/socketio/engine.io/releases/tag/4.1.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/socketio/engine.io/releases/tag/5.2.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/socketio/engine.io/releases/tag/6.1.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220209-0002/"
}
],
"source": {
"advisory": "GHSA-273r-mgr4-v34f",
"discovery": "UNKNOWN"
},
"title": "Uncaught Exception in engine.io",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21676",
"STATE": "PUBLIC",
"TITLE": "Uncaught Exception in engine.io"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "engine.io",
"version": {
"version_data": [
{
"version_value": "\u003e= 4.0.0, \u003c 4.1.2"
},
{
"version_value": "\u003e= 5.0.0, \u003c 5.2.1"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.1.1"
}
]
}
}
]
},
"vendor_name": "socketio"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f",
"refsource": "CONFIRM",
"url": "https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f"
},
{
"name": "https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab",
"refsource": "MISC",
"url": "https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab"
},
{
"name": "https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db",
"refsource": "MISC",
"url": "https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db"
},
{
"name": "https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c",
"refsource": "MISC",
"url": "https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c"
},
{
"name": "https://github.com/socketio/engine.io/releases/tag/4.1.2",
"refsource": "MISC",
"url": "https://github.com/socketio/engine.io/releases/tag/4.1.2"
},
{
"name": "https://github.com/socketio/engine.io/releases/tag/5.2.1",
"refsource": "MISC",
"url": "https://github.com/socketio/engine.io/releases/tag/5.2.1"
},
{
"name": "https://github.com/socketio/engine.io/releases/tag/6.1.1",
"refsource": "MISC",
"url": "https://github.com/socketio/engine.io/releases/tag/6.1.1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220209-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220209-0002/"
}
]
},
"source": {
"advisory": "GHSA-273r-mgr4-v34f",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21676",
"datePublished": "2022-01-12T18:25:15.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:13:15.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20837 (GCVE-0-2022-20837)
Vulnerability from cvelistv5 – Published: 2022-10-10 20:43 – Updated: 2024-11-01 18:49| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220928 Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T18:43:46.894687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T18:49:14.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-09-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. Note: This vulnerability can be exploited only by sending IPv4 TCP packets through an affected device. This vulnerability cannot be exploited by sending IPv6 traffic."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-10T00:00:00.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220928 Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX"
}
],
"source": {
"advisory": "cisco-sa-alg-dos-KU9Z8kFX",
"defect": [
[
"CSCwa78096"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20837",
"datePublished": "2022-10-10T20:43:16.154Z",
"dateReserved": "2021-11-02T00:00:00.000Z",
"dateUpdated": "2024-11-01T18:49:14.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20804 (GCVE-0-2022-20804)
Vulnerability from cvelistv5 – Published: 2022-04-21 18:50 – Updated: 2024-11-06 16:21| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Communications Manager |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220420 Cisco Unified Communications Products Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:58:43.925818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:21:58.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-21T18:50:57.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220420 Cisco Unified Communications Products Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD"
}
],
"source": {
"advisory": "cisco-sa-ucm-dos-zHS9X9kD",
"defect": [
[
"CSCvy44822"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Unified Communications Products Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-04-20T23:00:00",
"ID": "CVE-2022-20804",
"STATE": "PUBLIC",
"TITLE": "Cisco Unified Communications Products Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Communications Manager",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220420 Cisco Unified Communications Products Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD"
}
]
},
"source": {
"advisory": "cisco-sa-ucm-dos-zHS9X9kD",
"defect": [
[
"CSCvy44822"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20804",
"datePublished": "2022-04-21T18:50:57.188Z",
"dateReserved": "2021-11-02T00:00:00.000Z",
"dateUpdated": "2024-11-06T16:21:58.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3616 (GCVE-0-2022-3616)
Vulnerability from cvelistv5 – Published: 2022-10-28 06:24 – Updated: 2025-05-05 19:19| Vendor | Product | Version | |
|---|---|---|---|
| Cloudflare | OctoRPKI |
Affected:
0 , < <1.4.4
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T19:18:52.761100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T19:19:50.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Go"
],
"product": "OctoRPKI",
"repo": "https://github.com/cloudflare/cfrpki",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "\u003c1.4.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Donika Mirdita - Fraunhofer SIT, ATHENE "
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Haya Shulman - Fraunhofer SIT, ATHENE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAttackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to\u0026nbsp;Donika Mirdita and\u0026nbsp;Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to\u00a0Donika Mirdita and\u00a0Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-834",
"description": "CWE-834 Excessive Iteration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T08:43:36.139Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc"
}
],
"source": {
"advisory": "GHSA-pmw9-567p-68pc",
"discovery": "EXTERNAL"
},
"title": "OctoRPKI crash when maximum iterations number is reached",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2022-3616",
"datePublished": "2022-10-28T06:24:44.189Z",
"dateReserved": "2022-10-20T11:13:34.797Z",
"dateUpdated": "2025-05-05T19:19:50.911Z",
"requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3192 (GCVE-0-2022-3192)
Vulnerability from cvelistv5 – Published: 2023-03-31 16:13 – Updated: 2025-02-11 18:40- CWE-754 - Improper Check for Unusual or Exceptional Conditions
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T18:39:53.320995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T18:40:07.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://abb.com/plc",
"defaultStatus": "unknown",
"packageName": "PM5xx",
"product": "AC500 V2",
"vendor": "ABB",
"versions": [
{
"lessThan": "2.8.6",
"status": "affected",
"version": "2.0.0",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB thanks the following for working with us to help protect customers: CVE-2022-3192: Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai (India) for reporting this vulnerability following coordinated disclosure."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.\u003cp\u003eThis issue affects AC500 V2: from 2.0.0 before 2.8.6.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-220",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-220 Client-Server Protocol Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T03:57:46.530Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": " Improper Check for Unusual or Exceptional Conditions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUse the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis protocol/port is not affected by the DoS impact of the vulnerability.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Use the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \n\n\nThis protocol/port is not affected by the DoS impact of the vulnerability.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2022-3192",
"datePublished": "2023-03-31T16:13:13.149Z",
"dateReserved": "2022-09-13T05:57:45.421Z",
"dateUpdated": "2025-02-11T18:40:07.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43801 (GCVE-0-2021-43801)
Vulnerability from cvelistv5 – Published: 2021-12-13 19:30 – Updated: 2024-08-04 04:03- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://github.com/mercurius-js/mercurius/securit… | x_refsource_CONFIRM |
| https://github.com/mercurius-js/mercurius/issues/677 | x_refsource_MISC |
| https://github.com/mercurius-js/mercurius/pull/67… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| mercurius-js | mercurius |
Affected:
>= 8.10.0, < 8.11.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mercurius-js/mercurius/security/advisories/GHSA-273r-rm8g-7f3x"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mercurius-js/mercurius/issues/677"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mercurius-js/mercurius/pull/678/commits/732b2f895312da8deadd7b173dcd2d141d54b223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mercurius",
"vendor": "mercurius-js",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.10.0, \u003c 8.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8.10.0 to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2. As a workaround users may use a custom error handler."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-13T19:30:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mercurius-js/mercurius/security/advisories/GHSA-273r-rm8g-7f3x"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mercurius-js/mercurius/issues/677"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mercurius-js/mercurius/pull/678/commits/732b2f895312da8deadd7b173dcd2d141d54b223"
}
],
"source": {
"advisory": "GHSA-273r-rm8g-7f3x",
"discovery": "UNKNOWN"
},
"title": "Uncaught Exception in mercurius",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43801",
"STATE": "PUBLIC",
"TITLE": "Uncaught Exception in mercurius"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mercurius",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.10.0, \u003c 8.11.2"
}
]
}
}
]
},
"vendor_name": "mercurius-js"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8.10.0 to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2. As a workaround users may use a custom error handler."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mercurius-js/mercurius/security/advisories/GHSA-273r-rm8g-7f3x",
"refsource": "CONFIRM",
"url": "https://github.com/mercurius-js/mercurius/security/advisories/GHSA-273r-rm8g-7f3x"
},
{
"name": "https://github.com/mercurius-js/mercurius/issues/677",
"refsource": "MISC",
"url": "https://github.com/mercurius-js/mercurius/issues/677"
},
{
"name": "https://github.com/mercurius-js/mercurius/pull/678/commits/732b2f895312da8deadd7b173dcd2d141d54b223",
"refsource": "MISC",
"url": "https://github.com/mercurius-js/mercurius/pull/678/commits/732b2f895312da8deadd7b173dcd2d141d54b223"
}
]
},
"source": {
"advisory": "GHSA-273r-rm8g-7f3x",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43801",
"datePublished": "2021-12-13T19:30:12.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42020 (GCVE-0-2021-42020)
Vulnerability from cvelistv5 – Published: 2022-03-08 11:31 – Updated: 2025-08-12 11:11- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM i800 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM i800NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM i801 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM i801NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM i802 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM i802NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM i803 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM i803NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM M2100 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM M2100NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM M2200 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM M2200NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM M969 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM M969NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RMC30 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RMC30NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RMC8388 V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RMC8388 V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RMC8388NC V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RMC8388NC V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RP110 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RP110NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS1600 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS1600F |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS1600FNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS1600NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS1600T |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS1600TNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS400 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS400NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS401 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS401NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS416 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS416NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS416NCv2 V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS416NCv2 V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RS416P |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS416PNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS416PNCv2 V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS416PNCv2 V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RS416Pv2 V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS416Pv2 V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RS416v2 V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS416v2 V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RS8000 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS8000A |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS8000ANC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS8000H |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS8000HNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS8000NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS8000T |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS8000TNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900 (32M) V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900 (32M) V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RS900G |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900G (32M) V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900G (32M) V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RS900GNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900GNC(32M) V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900GNC(32M) V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RS900GP |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900GPNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900L |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900LNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900M-GETS-C01 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900M-GETS-XX |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900M-STND-C01 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900M-STND-XX |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900MNC-GETS-C01 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900MNC-GETS-XX |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900MNC-STND-XX |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900MNC-STND-XX-C01 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900NC(32M) V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS900NC(32M) V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RS900W |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS910 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS910L |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS910LNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS910NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS910W |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS920L |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS920LNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS920W |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS930L |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS930LNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS930W |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS940G |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS940GNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS969 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RS969NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100 (32M) V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100 (32M) V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100NC(32M) V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100NC(32M) V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100P |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100P (32M) V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100P (32M) V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100PNC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100PNC (32M) V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100PNC (32M) V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG2200 |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2200NC |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2288 V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2288 V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG2288NC V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2288NC V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300 V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300 V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300NC V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300NC V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300P V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300P V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300PNC V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300PNC V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG2488 V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2488 V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG2488NC V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG2488NC V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG907R |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG908C |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG909R |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG910C |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG920P V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG920P V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSG920PNC V4.X |
Affected:
0 , < V4.3.8
(custom)
|
|
| Siemens | RUGGEDCOM RSG920PNC V5.X |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSL910 |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RSL910NC |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RST2228 |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RST2228P |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RST916C |
Affected:
0 , < V5.6.0
(custom)
|
|
| Siemens | RUGGEDCOM RST916P |
Affected:
0 , < V5.6.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i800",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i800NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i801",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i801NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i802",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i802NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i803",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i803NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM M2100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM M2100NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM M2200",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM M2200NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM M969",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM M969NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC30",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC30NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC8388 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC8388 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC8388NC V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC8388NC V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RP110",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RP110NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS1600",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS1600F",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS1600FNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS1600NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS1600T",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS1600TNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS400NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS401",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS401NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416NCv2 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416NCv2 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416PNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416PNCv2 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416PNCv2 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416Pv2 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416Pv2 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416v2 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416v2 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000A",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000ANC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000H",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000HNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000T",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000TNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900 (32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900 (32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900G (32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900G (32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900GNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900GNC(32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900GNC(32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900GP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900GPNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900L",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900LNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900M-GETS-C01",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900M-GETS-XX",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900M-STND-C01",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900M-STND-XX",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900MNC-GETS-C01",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900MNC-GETS-XX",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900MNC-STND-XX",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900MNC-STND-XX-C01",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900NC(32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900NC(32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900W",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910L",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910LNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910W",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS920L",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS920LNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS920W",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS930L",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS930LNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS930W",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS940G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS940GNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS969",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS969NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100 (32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100 (32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100NC(32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100NC(32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100P (32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100P (32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100PNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100PNC (32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100PNC (32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2200",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2200NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2288 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2288 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2288NC V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2288NC V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300NC V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300NC V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300P V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300P V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300PNC V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300PNC V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2488 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2488 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2488NC V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2488NC V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG907R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG908C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG909R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG910C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG920P V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG920P V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG920PNC V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG920PNC V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSL910",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSL910NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2228",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2228P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST916C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST916P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The third-party component, in its TFTP functionality fails to check for null terminations in file names.\r\n\r\nIf an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:11:10.916Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-256353.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-42020",
"datePublished": "2022-03-08T11:31:20.000Z",
"dateReserved": "2021-10-06T00:00:00.000Z",
"dateUpdated": "2025-08-12T11:11:10.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41135 (GCVE-0-2021-41135)
Vulnerability from cvelistv5 – Published: 2021-10-20 18:05 – Updated: 2024-08-04 02:59- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://github.com/cosmos/cosmos-sdk/security/adv… | x_refsource_CONFIRM |
| https://github.com/cosmos/cosmos-sdk/commit/68ab7… | x_refsource_MISC |
| https://forum.cosmos.network/t/cosmos-sdk-vulnera… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| cosmos | cosmos-sdk |
Affected:
>= 0.43.0, < 0.44.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cosmos-sdk",
"vendor": "cosmos",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.43.0, \u003c 0.44.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includes a user-defined expiration time for when the authorization grant expires. In Grant.ValidateBasic(), that time is compared to the node\u2019s local clock time. Any chain running an affected version of the SDK with the authz module enabled could be halted by anyone with the ability to send transactions on that chain. Recovery would require applying the patch and rolling back the latest block. Users are advised to update to version 0.44.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T18:05:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349"
}
],
"source": {
"advisory": "GHSA-2p6r-37p9-89p2",
"discovery": "UNKNOWN"
},
"title": "Authz Module Non-Determinism",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41135",
"STATE": "PUBLIC",
"TITLE": "Authz Module Non-Determinism"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cosmos-sdk",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.43.0, \u003c 0.44.2"
}
]
}
}
]
},
"vendor_name": "cosmos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includes a user-defined expiration time for when the authorization grant expires. In Grant.ValidateBasic(), that time is compared to the node\u2019s local clock time. Any chain running an affected version of the SDK with the authz module enabled could be halted by anyone with the ability to send transactions on that chain. Recovery would require applying the patch and rolling back the latest block. Users are advised to update to version 0.44.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2",
"refsource": "CONFIRM",
"url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2"
},
{
"name": "https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee",
"refsource": "MISC",
"url": "https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee"
},
{
"name": "https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349",
"refsource": "MISC",
"url": "https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349"
}
]
},
"source": {
"advisory": "GHSA-2p6r-37p9-89p2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41135",
"datePublished": "2021-10-20T18:05:10.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:59:31.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive exceptions back to the user (CWE-209, CWE-248).
Mitigation
Check the results of all functions that return a value and verify that the value is expected.
Mitigation
If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
- Exposing additional information to a potential attacker in the context of an exceptional condition can help the attacker determine what attack vectors are most likely to succeed beyond DoS.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-38
If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.
Mitigation
Use system limits, which should help to prevent resource exhaustion. However, the product should still handle low resource conditions since they may still occur.
No CAPEC attack patterns related to this CWE.