Common Weakness Enumeration

CWE-754

Allowed-with-Review

Improper Check for Unusual or Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

905 vulnerabilities reference this CWE, most recent first.

CVE-2022-22180 (GCVE-0-2022-22180)

Vulnerability from cvelistv5 – Published: 2022-01-19 00:21 – Updated: 2024-09-17 02:42
VLAI
Title
Junos OS: EX2300 Series, EX2300-MP Series, EX3400 Series: A slow memory leak due to processing of specific IPv6 packets
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or a crash of the fxpc process. An indication of the issue occurring may be observed through the following log messages: Sep 13 17:14:59 hostname : %PFE-3: fpc0 (buf alloc) failed allocating packet buffer Sep 13 17:14:59 hostname : %PFE-7: fpc0 brcm_pkt_buf_alloc:393 (buf alloc) failed allocating packet buffer When Packet DMA heap utilization reaches 99%, the system will become unstable. Packet DMA heap utilization can be monitored using the command: user@junos# request pfe execute target fpc0 timeout 30 command "show heap" ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 213301a8 536870488 387228840 149641648 27 Kernel 1 91800000 8388608 3735120 4653488 55 DMA 2 92000000 75497472 74452192 1045280 1 PKT DMA DESC 3 d330000 335544320 257091400 78452920 23 Bcm_sdk 4 96800000 184549376 2408 184546968 99 Packet DMA <<<< 5 903fffe0 20971504 20971504 0 0 Blob This issue affects: Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S10, 18.4R3-S10 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.1 versions prior to 19.1R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.3 versions prior to 19.3R3-S5 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.4 versions prior to 19.4R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.1 versions prior to 20.1R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.2 versions prior to 20.2R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.3 versions prior to 20.3R3-S2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.4 versions prior to 20.4R3-S1 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.1 versions prior to 21.1R2-S2, 21.1R3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.2 versions prior to 21.2R1-S2, 21.2R2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.3 versions prior to 21.3R1-S1, 21.3R2 on EX2300 Series, EX2300-MP Series, EX3400 Series.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
  • Denial of Service (DoS)
Assigner
References
URL Tags
https://kb.juniper.net/JSA11286 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 18.4 , < 18.4R2-S10, 18.4R3-S10 (custom)
Affected: 19.1 , < 19.1R3-S7 (custom)
Affected: 19.2 , < 19.2R1-S8, 19.2R3-S4 (custom)
Affected: 19.3 , < 19.3R3-S5 (custom)
Affected: 19.4 , < 19.4R3-S7 (custom)
Affected: 20.1 , < 20.1R3-S3 (custom)
Affected: 20.2 , < 20.2R3-S3 (custom)
Affected: 20.3 , < 20.3R3-S2 (custom)
Affected: 20.4 , < 20.4R3-S1 (custom)
Affected: 21.1 , < 21.1R2-S2, 21.1R3 (custom)
Affected: 21.2 , < 21.2R1-S2, 21.2R2 (custom)
Affected: 21.3 , < 21.3R1-S1, 21.3R2 (custom)
Create a notification for this product.
Juniper Networks Junos OS Unaffected: unspecified , < 18.4R2-S10, 18.4R3-S10 (custom)
Create a notification for this product.
Date Public
2022-01-12 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:50.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11286"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "EX2300 Series, EX2300-MP Series, EX3400 Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "18.4R2-S10, 18.4R3-S10",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R3-S7",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S8, 19.2R3-S4",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R3-S5",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R3-S7",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R3-S3",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3-S3",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R3-S2",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R3-S1",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R2-S2, 21.1R3",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2R1-S2, 21.2R2",
              "status": "affected",
              "version": "21.2",
              "versionType": "custom"
            },
            {
              "lessThan": "21.3R1-S1, 21.3R2",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "18.4R2-S10, 18.4R3-S10",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or a crash of the fxpc process. An indication of the issue occurring may be observed through the following log messages: Sep 13 17:14:59 hostname : %PFE-3: fpc0 (buf alloc) failed allocating packet buffer Sep 13 17:14:59 hostname : %PFE-7: fpc0 brcm_pkt_buf_alloc:393 (buf alloc) failed allocating packet buffer When Packet DMA heap utilization reaches 99%, the system will become unstable. Packet DMA heap utilization can be monitored using the command: user@junos# request pfe execute target fpc0 timeout 30 command \"show heap\" ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 213301a8 536870488 387228840 149641648 27 Kernel 1 91800000 8388608 3735120 4653488 55 DMA 2 92000000 75497472 74452192 1045280 1 PKT DMA DESC 3 d330000 335544320 257091400 78452920 23 Bcm_sdk 4 96800000 184549376 2408 184546968 99 Packet DMA \u003c\u003c\u003c\u003c 5 903fffe0 20971504 20971504 0 0 Blob This issue affects: Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S10, 18.4R3-S10 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.1 versions prior to 19.1R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.3 versions prior to 19.3R3-S5 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.4 versions prior to 19.4R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.1 versions prior to 20.1R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.2 versions prior to 20.2R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.3 versions prior to 20.3R3-S2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.4 versions prior to 20.4R3-S1 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.1 versions prior to 21.1R2-S2, 21.1R3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.2 versions prior to 21.2R1-S2, 21.2R2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.3 versions prior to 21.3R1-S1, 21.3R2 on EX2300 Series, EX2300-MP Series, EX3400 Series."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-19T00:21:31.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11286"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1-S2, 21.2R2, 21.2R3, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11286",
        "defect": [
          "1619970"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: EX2300 Series, EX2300-MP Series, EX3400 Series: A slow memory leak due to processing of specific IPv6 packets",
      "workarounds": [
        {
          "lang": "en",
          "value": "If IPv6 is not used in the environment, to prevent the issue an administrator can apply a firewall filter for blocking IPv6 packets on the ingress port where the traffic might be received:\n  [firewall family ethernet-switching filter BLOCK-IPv6 interface-specific]\n  [firewall family ethernet-switching filter BLOCK-IPv6 term 1 from ether-type ipv6]\n  [firewall family ethernet-switching filter BLOCK-IPv6 term 1 then discard]\n  [firewall family ethernet-switching filter BLOCK-IPv6 term 1 then count BLOCK-IPv6_COUNT]\n  [firewall family ethernet-switching filter BLOCK-IPv6 term default then accept]\n  [interfaces \u003cinterface ID\u003e family ethernet-switching filter input BLOCK-IPv6]"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
          "ID": "CVE-2022-22180",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: EX2300 Series, EX2300-MP Series, EX3400 Series: A slow memory leak due to processing of specific IPv6 packets"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R2-S10, 18.4R3-S10"
                          },
                          {
                            "platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R3-S7"
                          },
                          {
                            "platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S8, 19.2R3-S4"
                          },
                          {
                            "platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R3-S5"
                          },
                          {
                            "platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R3-S7"
                          },
                          {
                            "platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R3-S3"
                          },
                          {
                            "platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R3-S3"
                          },
                          {
                            "platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
                            "version_affected": "\u003c",
                            "version_name": "20.3",
                            "version_value": "20.3R3-S2"
                          },
                          {
                            "platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
                            "version_affected": "\u003c",
                            "version_name": "20.4",
                            "version_value": "20.4R3-S1"
                          },
                          {
                            "platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
                            "version_affected": "\u003c",
                            "version_name": "21.1",
                            "version_value": "21.1R2-S2, 21.1R3"
                          },
                          {
                            "platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
                            "version_affected": "\u003c",
                            "version_name": "21.2",
                            "version_value": "21.2R1-S2, 21.2R2"
                          },
                          {
                            "platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
                            "version_affected": "\u003c",
                            "version_name": "21.3",
                            "version_value": "21.3R1-S1, 21.3R2"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_value": "18.4R2-S10, 18.4R3-S10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or a crash of the fxpc process. An indication of the issue occurring may be observed through the following log messages: Sep 13 17:14:59 hostname : %PFE-3: fpc0 (buf alloc) failed allocating packet buffer Sep 13 17:14:59 hostname : %PFE-7: fpc0 brcm_pkt_buf_alloc:393 (buf alloc) failed allocating packet buffer When Packet DMA heap utilization reaches 99%, the system will become unstable. Packet DMA heap utilization can be monitored using the command: user@junos# request pfe execute target fpc0 timeout 30 command \"show heap\" ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 213301a8 536870488 387228840 149641648 27 Kernel 1 91800000 8388608 3735120 4653488 55 DMA 2 92000000 75497472 74452192 1045280 1 PKT DMA DESC 3 d330000 335544320 257091400 78452920 23 Bcm_sdk 4 96800000 184549376 2408 184546968 99 Packet DMA \u003c\u003c\u003c\u003c 5 903fffe0 20971504 20971504 0 0 Blob This issue affects: Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S10, 18.4R3-S10 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.1 versions prior to 19.1R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.3 versions prior to 19.3R3-S5 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.4 versions prior to 19.4R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.1 versions prior to 20.1R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.2 versions prior to 20.2R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.3 versions prior to 20.3R3-S2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.4 versions prior to 20.4R3-S1 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.1 versions prior to 21.1R2-S2, 21.1R3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.2 versions prior to 21.2R1-S2, 21.2R2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.3 versions prior to 21.3R1-S1, 21.3R2 on EX2300 Series, EX2300-MP Series, EX3400 Series."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (DoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11286",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11286"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1-S2, 21.2R2, 21.2R3, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11286",
          "defect": [
            "1619970"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "If IPv6 is not used in the environment, to prevent the issue an administrator can apply a firewall filter for blocking IPv6 packets on the ingress port where the traffic might be received:\n  [firewall family ethernet-switching filter BLOCK-IPv6 interface-specific]\n  [firewall family ethernet-switching filter BLOCK-IPv6 term 1 from ether-type ipv6]\n  [firewall family ethernet-switching filter BLOCK-IPv6 term 1 then discard]\n  [firewall family ethernet-switching filter BLOCK-IPv6 term 1 then count BLOCK-IPv6_COUNT]\n  [firewall family ethernet-switching filter BLOCK-IPv6 term default then accept]\n  [interfaces \u003cinterface ID\u003e family ethernet-switching filter input BLOCK-IPv6]"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2022-22180",
    "datePublished": "2022-01-19T00:21:31.093Z",
    "dateReserved": "2021-12-21T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:42:37.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-22171 (GCVE-0-2022-22171)

Vulnerability from cvelistv5 – Published: 2022-01-19 00:21 – Updated: 2024-09-16 16:43
VLAI
Title
Junos OS: Specific packets over VXLAN cause FPC reset
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect versions of Junos OS prior to 19.4R1.
CWE
  • Denial of Service (DoS)
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
URL Tags
https://kb.juniper.net/JSA11277 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos OS Unaffected: unspecified , < 19.4R1 (custom)
Affected: 19.4 , < 19.4R3-S7 (custom)
Affected: 20.1 , < 20.1R3-S3 (custom)
Affected: 20.2 , < 20.2R3-S3 (custom)
Affected: 20.3 , < 20.3R3-S2 (custom)
Affected: 20.4 , < 20.4R3-S1 (custom)
Affected: 21.1 , < 21.1R3 (custom)
Affected: 21.2 , < 21.2R2 (custom)
Affected: 21.3 , < 21.3R1-S1, 21.3R2 (custom)
Create a notification for this product.
Date Public
2022-01-12 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:49.259Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11277"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "19.4R1",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R3-S7",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R3-S3",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3-S3",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R3-S2",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R3-S1",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R3",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2R2",
              "status": "affected",
              "version": "21.2",
              "versionType": "custom"
            },
            {
              "lessThan": "21.3R1-S1, 21.3R2",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "For this issue to be exploitable a configuration like the following will have to exist:\n\n  [ routing-instances \u003cRI-name\u003e instance-type virtual-switch ]\n  [ routing-instances \u003cRI-name\u003e bridge-domains \u003cBD-name\u003e vlan-id \u003cvlan#n\u003e ]\n  [ routing-instances \u003cRI-name\u003e bridge-domains \u003cBD-name\u003e vxlan ... ]\n  [ interfaces ae0 unit \u003cunit#\u003e vlan-id \u003cvlan#n\u003e ]\n  [ interfaces ae0 unit \u003cunit#\u003e family inet(6) address ... ]"
        }
      ],
      "datePublic": "2022-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect versions of Junos OS prior to 19.4R1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-19T00:21:18.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11277"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following Junos OS software releases have been updated to resolve this specific issue: 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R2, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11277",
        "defect": [
          "1625292"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS: Specific packets over VXLAN cause FPC reset",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
          "ID": "CVE-2022-22171",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: Specific packets over VXLAN cause FPC reset"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R3-S7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R3-S3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R3-S3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.3",
                            "version_value": "20.3R3-S2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.4",
                            "version_value": "20.4R3-S1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "21.1",
                            "version_value": "21.1R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "21.2",
                            "version_value": "21.2R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "21.3",
                            "version_value": "21.3R1-S1, 21.3R2"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_value": "19.4R1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "For this issue to be exploitable a configuration like the following will have to exist:\n\n  [ routing-instances \u003cRI-name\u003e instance-type virtual-switch ]\n  [ routing-instances \u003cRI-name\u003e bridge-domains \u003cBD-name\u003e vlan-id \u003cvlan#n\u003e ]\n  [ routing-instances \u003cRI-name\u003e bridge-domains \u003cBD-name\u003e vxlan ... ]\n  [ interfaces ae0 unit \u003cunit#\u003e vlan-id \u003cvlan#n\u003e ]\n  [ interfaces ae0 unit \u003cunit#\u003e family inet(6) address ... ]"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect versions of Junos OS prior to 19.4R1."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (DoS)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11277",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11277"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following Junos OS software releases have been updated to resolve this specific issue: 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R2, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11277",
          "defect": [
            "1625292"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2022-22171",
    "datePublished": "2022-01-19T00:21:18.633Z",
    "dateReserved": "2021-12-21T00:00:00.000Z",
    "dateUpdated": "2024-09-16T16:43:40.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-21676 (GCVE-0-2022-21676)

Vulnerability from cvelistv5 – Published: 2022-01-12 18:25 – Updated: 2025-04-23 19:13
VLAI
Title
Uncaught Exception in engine.io
Summary
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
socketio engine.io Affected: >= 4.0.0, < 4.1.2
Affected: >= 5.0.0, < 5.2.1
Affected: >= 6.0.0, < 6.1.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:46:39.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/socketio/engine.io/releases/tag/4.1.2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/socketio/engine.io/releases/tag/5.2.1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/socketio/engine.io/releases/tag/6.1.1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220209-0002/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21676",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:58:14.583594Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T19:13:15.800Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "engine.io",
          "vendor": "socketio",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.1.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.2.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-13T23:06:11.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/socketio/engine.io/releases/tag/4.1.2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/socketio/engine.io/releases/tag/5.2.1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/socketio/engine.io/releases/tag/6.1.1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220209-0002/"
        }
      ],
      "source": {
        "advisory": "GHSA-273r-mgr4-v34f",
        "discovery": "UNKNOWN"
      },
      "title": "Uncaught Exception in engine.io",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-21676",
          "STATE": "PUBLIC",
          "TITLE": "Uncaught Exception in engine.io"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "engine.io",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 4.0.0, \u003c 4.1.2"
                          },
                          {
                            "version_value": "\u003e= 5.0.0, \u003c 5.2.1"
                          },
                          {
                            "version_value": "\u003e= 6.0.0, \u003c 6.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "socketio"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f",
              "refsource": "CONFIRM",
              "url": "https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f"
            },
            {
              "name": "https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab",
              "refsource": "MISC",
              "url": "https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab"
            },
            {
              "name": "https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db",
              "refsource": "MISC",
              "url": "https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db"
            },
            {
              "name": "https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c",
              "refsource": "MISC",
              "url": "https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c"
            },
            {
              "name": "https://github.com/socketio/engine.io/releases/tag/4.1.2",
              "refsource": "MISC",
              "url": "https://github.com/socketio/engine.io/releases/tag/4.1.2"
            },
            {
              "name": "https://github.com/socketio/engine.io/releases/tag/5.2.1",
              "refsource": "MISC",
              "url": "https://github.com/socketio/engine.io/releases/tag/5.2.1"
            },
            {
              "name": "https://github.com/socketio/engine.io/releases/tag/6.1.1",
              "refsource": "MISC",
              "url": "https://github.com/socketio/engine.io/releases/tag/6.1.1"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220209-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220209-0002/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-273r-mgr4-v34f",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-21676",
    "datePublished": "2022-01-12T18:25:15.000Z",
    "dateReserved": "2021-11-16T00:00:00.000Z",
    "dateUpdated": "2025-04-23T19:13:15.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-20837 (GCVE-0-2022-20837)

Vulnerability from cvelistv5 – Published: 2022-10-10 20:43 – Updated: 2024-11-01 18:49
VLAI
Title
Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability
Summary
A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. Note: This vulnerability can be exploited only by sending IPv4 TCP packets through an affected device. This vulnerability cannot be exploited by sending IPv6 traffic.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Date Public
2022-09-28 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:24:49.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220928 Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20837",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-01T18:43:46.894687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-01T18:49:14.323Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-09-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. Note: This vulnerability can be exploited only by sending IPv4 TCP packets through an affected device. This vulnerability cannot be exploited by sending IPv6 traffic."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-10T00:00:00.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220928 Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX"
        }
      ],
      "source": {
        "advisory": "cisco-sa-alg-dos-KU9Z8kFX",
        "defect": [
          [
            "CSCwa78096"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20837",
    "datePublished": "2022-10-10T20:43:16.154Z",
    "dateReserved": "2021-11-02T00:00:00.000Z",
    "dateUpdated": "2024-11-01T18:49:14.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-20804 (GCVE-0-2022-20804)

Vulnerability from cvelistv5 – Published: 2022-04-21 18:50 – Updated: 2024-11-06 16:21
VLAI
Title
Cisco Unified Communications Products Denial of Service Vulnerability
Summary
A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Date Public
2022-04-20 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:24:49.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220420 Cisco Unified Communications Products Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20804",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T15:58:43.925818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T16:21:58.871Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Communications Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-04-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-21T18:50:57.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220420 Cisco Unified Communications Products Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ucm-dos-zHS9X9kD",
        "defect": [
          [
            "CSCvy44822"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Communications Products Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2022-04-20T23:00:00",
          "ID": "CVE-2022-20804",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Unified Communications Products Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Communications Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220420 Cisco Unified Communications Products Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ucm-dos-zHS9X9kD",
          "defect": [
            [
              "CSCvy44822"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20804",
    "datePublished": "2022-04-21T18:50:57.188Z",
    "dateReserved": "2021-11-02T00:00:00.000Z",
    "dateUpdated": "2024-11-06T16:21:58.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-3616 (GCVE-0-2022-3616)

Vulnerability from cvelistv5 – Published: 2022-10-28 06:24 – Updated: 2025-05-05 19:19
VLAI
Title
OctoRPKI crash when maximum iterations number is reached
Summary
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
  • CWE-834 - Excessive Iteration
Assigner
Impacted products
Vendor Product Version
Cloudflare OctoRPKI Affected: 0 , < <1.4.4 (semver)
Create a notification for this product.
Credits
Donika Mirdita - Fraunhofer SIT, ATHENE Haya Shulman - Fraunhofer SIT, ATHENE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:03.299Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3616",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-05T19:18:52.761100Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T19:19:50.911Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Go"
          ],
          "product": "OctoRPKI",
          "repo": "https://github.com/cloudflare/cfrpki",
          "vendor": "Cloudflare",
          "versions": [
            {
              "lessThan": "\u003c1.4.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Donika Mirdita - Fraunhofer SIT, ATHENE "
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Haya Shulman - Fraunhofer SIT, ATHENE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAttackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to\u0026nbsp;Donika Mirdita and\u0026nbsp;Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to\u00a0Donika Mirdita and\u00a0Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-834",
              "description": "CWE-834 Excessive Iteration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-29T08:43:36.139Z",
        "orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
        "shortName": "cloudflare"
      },
      "references": [
        {
          "url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc"
        }
      ],
      "source": {
        "advisory": "GHSA-pmw9-567p-68pc",
        "discovery": "EXTERNAL"
      },
      "title": "OctoRPKI crash when maximum iterations number is reached",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
    "assignerShortName": "cloudflare",
    "cveId": "CVE-2022-3616",
    "datePublished": "2022-10-28T06:24:44.189Z",
    "dateReserved": "2022-10-20T11:13:34.797Z",
    "dateUpdated": "2025-05-05T19:19:50.911Z",
    "requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-3192 (GCVE-0-2022-3192)

Vulnerability from cvelistv5 – Published: 2023-03-31 16:13 – Updated: 2025-02-11 18:40
VLAI
Title
Improper Check for Unusual or Exceptional Conditions
Summary
Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
ABB
Impacted products
Vendor Product Version
ABB AC500 V2 Affected: 2.0.0 , < 2.8.6 (release)
Create a notification for this product.
Credits
ABB thanks the following for working with us to help protect customers: CVE-2022-3192: Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai (India) for reporting this vulnerability following coordinated disclosure.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3192",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:39:53.320995Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:40:07.850Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://abb.com/plc",
          "defaultStatus": "unknown",
          "packageName": "PM5xx",
          "product": "AC500 V2",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "2.8.6",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "release"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "ABB thanks the following for working with us to help protect customers:  CVE-2022-3192: Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai (India) for reporting this vulnerability following coordinated disclosure."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.\u003cp\u003eThis issue affects AC500 V2: from 2.0.0 before 2.8.6.\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-220",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-220 Client-Server Protocol Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-13T03:57:46.530Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": " Improper Check for Unusual or Exceptional Conditions",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eUse the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis protocol/port is not affected by the DoS impact of the vulnerability.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Use the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \n\n\nThis protocol/port is not affected by the DoS impact of the vulnerability.\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2022-3192",
    "datePublished": "2023-03-31T16:13:13.149Z",
    "dateReserved": "2022-09-13T05:57:45.421Z",
    "dateUpdated": "2025-02-11T18:40:07.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-43801 (GCVE-0-2021-43801)

Vulnerability from cvelistv5 – Published: 2021-12-13 19:30 – Updated: 2024-08-04 04:03
VLAI
Title
Uncaught Exception in mercurius
Summary
Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8.10.0 to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2. As a workaround users may use a custom error handler.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
mercurius-js mercurius Affected: >= 8.10.0, < 8.11.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:03:08.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mercurius-js/mercurius/security/advisories/GHSA-273r-rm8g-7f3x"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mercurius-js/mercurius/issues/677"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mercurius-js/mercurius/pull/678/commits/732b2f895312da8deadd7b173dcd2d141d54b223"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mercurius",
          "vendor": "mercurius-js",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 8.10.0, \u003c 8.11.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8.10.0 to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2. As a workaround users may use a custom error handler."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-13T19:30:12.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mercurius-js/mercurius/security/advisories/GHSA-273r-rm8g-7f3x"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mercurius-js/mercurius/issues/677"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mercurius-js/mercurius/pull/678/commits/732b2f895312da8deadd7b173dcd2d141d54b223"
        }
      ],
      "source": {
        "advisory": "GHSA-273r-rm8g-7f3x",
        "discovery": "UNKNOWN"
      },
      "title": "Uncaught Exception in mercurius",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-43801",
          "STATE": "PUBLIC",
          "TITLE": "Uncaught Exception in mercurius"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mercurius",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 8.10.0, \u003c 8.11.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mercurius-js"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8.10.0 to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2. As a workaround users may use a custom error handler."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mercurius-js/mercurius/security/advisories/GHSA-273r-rm8g-7f3x",
              "refsource": "CONFIRM",
              "url": "https://github.com/mercurius-js/mercurius/security/advisories/GHSA-273r-rm8g-7f3x"
            },
            {
              "name": "https://github.com/mercurius-js/mercurius/issues/677",
              "refsource": "MISC",
              "url": "https://github.com/mercurius-js/mercurius/issues/677"
            },
            {
              "name": "https://github.com/mercurius-js/mercurius/pull/678/commits/732b2f895312da8deadd7b173dcd2d141d54b223",
              "refsource": "MISC",
              "url": "https://github.com/mercurius-js/mercurius/pull/678/commits/732b2f895312da8deadd7b173dcd2d141d54b223"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-273r-rm8g-7f3x",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-43801",
    "datePublished": "2021-12-13T19:30:12.000Z",
    "dateReserved": "2021-11-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:03:08.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42020 (GCVE-0-2021-42020)

Vulnerability from cvelistv5 – Published: 2022-03-08 11:31 – Updated: 2025-08-12 11:11
VLAI
Summary
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
Siemens RUGGEDCOM i800 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i800NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i801 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i801NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i802 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i802NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i803 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i803NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM M2100 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM M2100NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM M2200 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM M2200NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM M969 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM M969NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RMC30 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RMC30NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RMC8388 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RMC8388 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RMC8388NC V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RMC8388NC V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RP110 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RP110NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS1600 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS1600F Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS1600FNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS1600NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS1600T Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS1600TNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS400 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS400NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS401 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS401NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416NCv2 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416NCv2 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416P Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416PNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416PNCv2 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416PNCv2 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416Pv2 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416Pv2 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416v2 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416v2 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000A Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000ANC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000H Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000HNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000T Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000TNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900 (32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900 (32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900G Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900G (32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900G (32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900GNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900GNC(32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900GNC(32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900GP Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900GPNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900L Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900LNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900M-GETS-C01 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900M-GETS-XX Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900M-STND-C01 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900M-STND-XX Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900MNC-GETS-C01 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900MNC-GETS-XX Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900MNC-STND-XX Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900MNC-STND-XX-C01 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900NC(32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900NC(32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900W Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS910 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS910L Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS910LNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS910NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS910W Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS920L Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS920LNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS920W Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS930L Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS930LNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS930W Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS940G Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS940GNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS969 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS969NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100 (32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100 (32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100NC(32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100NC(32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100P Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100P (32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100P (32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100PNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100PNC (32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100PNC (32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2200 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2200NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2288 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2288 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2288NC V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2288NC V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300NC V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300NC V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300P V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300P V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300PNC V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300PNC V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2488 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2488 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2488NC V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2488NC V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG907R Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG908C Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG909R Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG910C Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG920P V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG920P V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG920PNC V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG920PNC V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSL910 Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSL910NC Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RST2228 Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RST2228P Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RST916C Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RST916P Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i800",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i800NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i801",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i801NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i802",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i802NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i803",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i803NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM M2100",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM M2100NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM M2200",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM M2200NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM M969",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM M969NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC30",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC30NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC8388 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC8388 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC8388NC V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC8388NC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RP110",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RP110NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS1600",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS1600F",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS1600FNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS1600NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS1600T",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS1600TNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS400",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS400NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS401",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS401NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416NCv2 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416NCv2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416PNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416PNCv2 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416PNCv2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416Pv2 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416Pv2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416v2 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416v2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000ANC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000H",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000HNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000T",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000TNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900 (32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900 (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900G (32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900G (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900GNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900GNC(32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900GNC(32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900GP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900GPNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900L",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900LNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900M-GETS-C01",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900M-GETS-XX",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900M-STND-C01",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900M-STND-XX",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900MNC-GETS-C01",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900MNC-GETS-XX",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900MNC-STND-XX",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900MNC-STND-XX-C01",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900NC(32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900NC(32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900W",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS910",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS910L",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS910LNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS910NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS910W",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS920L",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS920LNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS920W",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS930L",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS930LNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS930W",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS940G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS940GNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS969",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS969NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100 (32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100 (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100NC(32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100NC(32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100P (32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100P (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100PNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100PNC (32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100PNC (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2200",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2200NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2288 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2288 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2288NC V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2288NC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300NC V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300NC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300P V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300P V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300PNC V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300PNC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2488 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2488 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2488NC V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2488NC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG907R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG908C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG909R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG910C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG920P V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG920P V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG920PNC V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG920PNC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSL910",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSL910NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST2228",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST2228P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST916C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST916P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The third-party component, in its TFTP functionality fails to check for null terminations in file names.\r\n\r\nIf an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T11:11:10.916Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-256353.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-42020",
    "datePublished": "2022-03-08T11:31:20.000Z",
    "dateReserved": "2021-10-06T00:00:00.000Z",
    "dateUpdated": "2025-08-12T11:11:10.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41135 (GCVE-0-2021-41135)

Vulnerability from cvelistv5 – Published: 2021-10-20 18:05 – Updated: 2024-08-04 02:59
VLAI
Title
Authz Module Non-Determinism
Summary
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includes a user-defined expiration time for when the authorization grant expires. In Grant.ValidateBasic(), that time is compared to the node’s local clock time. Any chain running an affected version of the SDK with the authz module enabled could be halted by anyone with the ability to send transactions on that chain. Recovery would require applying the patch and rolling back the latest block. Users are advised to update to version 0.44.2.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
cosmos cosmos-sdk Affected: >= 0.43.0, < 0.44.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:59:31.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cosmos-sdk",
          "vendor": "cosmos",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.43.0, \u003c 0.44.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includes a user-defined expiration time for when the authorization grant expires. In Grant.ValidateBasic(), that time is compared to the node\u2019s local clock time. Any chain running an affected version of the SDK with the authz module enabled could be halted by anyone with the ability to send transactions on that chain. Recovery would require applying the patch and rolling back the latest block. Users are advised to update to version 0.44.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T18:05:10.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349"
        }
      ],
      "source": {
        "advisory": "GHSA-2p6r-37p9-89p2",
        "discovery": "UNKNOWN"
      },
      "title": "Authz Module Non-Determinism",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41135",
          "STATE": "PUBLIC",
          "TITLE": "Authz Module Non-Determinism"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "cosmos-sdk",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 0.43.0, \u003c 0.44.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "cosmos"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includes a user-defined expiration time for when the authorization grant expires. In Grant.ValidateBasic(), that time is compared to the node\u2019s local clock time. Any chain running an affected version of the SDK with the authz module enabled could be halted by anyone with the ability to send transactions on that chain. Recovery would require applying the patch and rolling back the latest block. Users are advised to update to version 0.44.2."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2",
              "refsource": "CONFIRM",
              "url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2"
            },
            {
              "name": "https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee",
              "refsource": "MISC",
              "url": "https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee"
            },
            {
              "name": "https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349",
              "refsource": "MISC",
              "url": "https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-2p6r-37p9-89p2",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-41135",
    "datePublished": "2021-10-20T18:05:10.000Z",
    "dateReserved": "2021-09-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T02:59:31.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive exceptions back to the user (CWE-209, CWE-248).
Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is expected.

Mitigation
Implementation

If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).

Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
  • Exposing additional information to a potential attacker in the context of an exceptional condition can help the attacker determine what attack vectors are most likely to succeed beyond DoS.
Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-38
Architecture and Design Implementation

If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.

Mitigation
Architecture and Design

Use system limits, which should help to prevent resource exhaustion. However, the product should still handle low resource conditions since they may still occur.

No CAPEC attack patterns related to this CWE.