Vulnerability-Lookup

CVE-2022-38767 (GCVE-0-2022-38767)

Vulnerability from cvelistv5 – Published: 2022-11-25 00:00 – Updated: 2026-04-14 08:58

Summary

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

URL

Tags

	https://windriver.com
	https://support2.windriver.com/index.php?page=cve…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T11:02:14.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://windriver.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-38767",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-25T18:43:40.135126Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-25T18:44:18.928Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 6MD85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 6MD86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 6MD89 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.64",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 6MU85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.90",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7KE85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SA86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SA87 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SD86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SD87 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SJ85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SJ86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SK85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SL86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SL87 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SS85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7ST85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V8.81",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7ST86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V9.20",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SX85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V8.30",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7UM85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7UT85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7UT86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7UT87 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7VE85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7VK87 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 Communication Module ETH-BD-2FO",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 Compact 7SX800 (CP050)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.30",
                "status": "affected",
                "version": "V8.70",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T08:58:05.041Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-726834.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-25T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://windriver.com"
        },
        {
          "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-38767",
    "datePublished": "2022-11-25T00:00:00.000Z",
    "dateReserved": "2022-08-25T00:00:00.000Z",
    "dateUpdated": "2026-04-14T08:58:05.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-38767",
      "date": "2026-04-15",
      "epss": "0.00501",
      "percentile": "0.66037"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.9\", \"versionEndExcluding\": \"6.9.4.12\", \"matchCriteriaId\": \"2E27E761-92D8-4A67-8D23-213E0C7BFFC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"69674D4D-2848-46BA-9367-7AA85EE2CD99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*\", \"matchCriteriaId\": \"1052B8F5-1BC4-46B6-A8F1-F1BF9A40DDAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AABF1E5-DA6B-462D-A047-EC843F94568E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer3:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C6D5D36-9CD0-4F54-B486-2FA1ECDFA8A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer4:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D9DC783-9D1E-4478-83DF-CF38774B4CF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer5:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF75490C-3BC7-46C2-9FB6-BBA317185023\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4810B35-06F6-4971-BE87-A30B1CF58AA0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 un problema en Wind River VxWorks 6.9 y 7, que permite que un paquete espec\\u00edficamente manipulado enviado por un servidor Radius pueda causar denegaci\\u00f3n de servicio durante el procedimiento de acceso a IP Radius.\"}]",
      "id": "CVE-2022-38767",
      "lastModified": "2024-11-21T07:17:02.893",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2022-11-25T15:15:10.453",
      "references": "[{\"url\": \"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://windriver.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://windriver.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-38767\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-11-25T15:15:10.453\",\"lastModified\":\"2026-04-14T10:16:25.027\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en Wind River VxWorks 6.9 y 7, que permite que un paquete espec\u00edficamente manipulado enviado por un servidor Radius pueda causar denegaci\u00f3n de servicio durante el procedimiento de acceso a IP Radius.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.9.4.12\",\"matchCriteriaId\":\"2E27E761-92D8-4A67-8D23-213E0C7BFFC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"69674D4D-2848-46BA-9367-7AA85EE2CD99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1052B8F5-1BC4-46B6-A8F1-F1BF9A40DDAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AABF1E5-DA6B-462D-A047-EC843F94568E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C6D5D36-9CD0-4F54-B486-2FA1ECDFA8A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D9DC783-9D1E-4478-83DF-CF38774B4CF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer5:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF75490C-3BC7-46C2-9FB6-BBA317185023\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4810B35-06F6-4971-BE87-A30B1CF58AA0\"}]}]}],\"references\":[{\"url\":\"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://windriver.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://windriver.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-726834.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://windriver.com\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T11:02:14.648Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MD85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MD86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MD89 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.64\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MU85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.90\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7KE85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SA86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SA87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SD86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SD87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SJ85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SJ86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SK85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SL86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SL87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SS85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7ST85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.81\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7ST86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V9.20\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SX85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.30\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UM85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UT85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UT86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UT87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7VE85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7VK87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 Communication Module ETH-BD-2FO\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 Compact 7SX800 (CP050)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.70\", \"lessThan\": \"V9.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-726834.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-04-14T08:58:05.041Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-38767\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-25T18:43:40.135126Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-25T18:44:09.625Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://windriver.com\"}, {\"url\": \"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-11-25T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-38767\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-14T08:58:05.041Z\", \"dateReserved\": \"2022-08-25T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-11-25T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2022-38767

Vulnerability from fkie_nvd - Published: 2022-11-25 15:15 - Updated: 2026-04-14 10:16

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.

References

URL	Tags
cve@mitre.org	https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2022-38767	Vendor Advisory
cve@mitre.org	https://windriver.com	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2022-38767	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://windriver.com	Vendor Advisory
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e	https://cert-portal.siemens.com/productcert/html/ssa-726834.html

Impacted products

Vendor	Product	Version
windriver	vxworks	*
windriver	vxworks	6.9.4.12
windriver	vxworks	6.9.4.12
windriver	vxworks	6.9.4.12
windriver	vxworks	6.9.4.12
windriver	vxworks	6.9.4.12
windriver	vxworks	6.9.4.12
windriver	vxworks	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E27E761-92D8-4A67-8D23-213E0C7BFFC6",
              "versionEndExcluding": "6.9.4.12",
              "versionStartIncluding": "6.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*",
              "matchCriteriaId": "69674D4D-2848-46BA-9367-7AA85EE2CD99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*",
              "matchCriteriaId": "1052B8F5-1BC4-46B6-A8F1-F1BF9A40DDAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer2:*:*:*:*:*:*",
              "matchCriteriaId": "7AABF1E5-DA6B-462D-A047-EC843F94568E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer3:*:*:*:*:*:*",
              "matchCriteriaId": "4C6D5D36-9CD0-4F54-B486-2FA1ECDFA8A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer4:*:*:*:*:*:*",
              "matchCriteriaId": "6D9DC783-9D1E-4478-83DF-CF38774B4CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer5:*:*:*:*:*:*",
              "matchCriteriaId": "AF75490C-3BC7-46C2-9FB6-BBA317185023",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4810B35-06F6-4971-BE87-A30B1CF58AA0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Wind River VxWorks 6.9 y 7, que permite que un paquete espec\u00edficamente manipulado enviado por un servidor Radius pueda causar denegaci\u00f3n de servicio durante el procedimiento de acceso a IP Radius."
    }
  ],
  "id": "CVE-2022-38767",
  "lastModified": "2026-04-14T10:16:25.027",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-11-25T15:15:10.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://windriver.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://windriver.com"
    },
    {
      "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-726834.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-38767

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.

Aliases

CVE-2022-38767

Aliases

CVE-2022-38767

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-38767",
    "description": "An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.",
    "id": "GSD-2022-38767"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-38767"
      ],
      "details": "An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.",
      "id": "GSD-2022-38767",
      "modified": "2023-12-13T01:19:21.973517Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-38767",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://windriver.com",
            "refsource": "MISC",
            "url": "https://windriver.com"
          },
          {
            "name": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767",
            "refsource": "MISC",
            "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.9.4.12",
                "versionStartIncluding": "6.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-38767"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767"
            },
            {
              "name": "https://windriver.com",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://windriver.com"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-12-01T13:49Z",
      "publishedDate": "2022-11-25T15:15Z"
    }
  }
}

WID-SEC-W-2022-2180

Vulnerability from csaf_certbund - Published: 2022-11-27 23:00 - Updated: 2023-03-21 23:00

Summary

Wind River VxWorks: Schwachstelle ermöglicht Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: VxWorks ist ein proprietäres Echtzeitbetriebssystem, das von Wind River Systems entwickelt wird.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Wind River VxWorks ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2022-38767

Es existiert eine Schwachstelle in Wind River VxWorks. Es ist möglich durch das Senden eines manipulierten Radius Paketes einen Absturz zu verursachen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuführen.

References

URL

BDU:2023-01788

Vulnerability from fstec - Published: 14.03.2023

Title

Уязвимость операционных систем реального времени Wind River VxWorks, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость операционных систем реального времени Wind River VxWorks связана с выполнением цикла с недоступным условием выхода. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании в результате отправки специально созданного пакета сервером RADIUS

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Wind River Systems, Inc., Siemens AG

Software Name

VxWorks, SIPROTEC 5 6MD85 (CP300), SIPROTEC 5 6MD86 (CP300), SIPROTEC 5 6MD89 (CP300), SIPROTEC 5 6MU85 (CP300), SIPROTEC 5 7KE85 (CP300), SIPROTEC 5 7SA86 (CP300), SIPROTEC 5 7SA87 (CP300), SIPROTEC 5 7SD86 (CP300), SIPROTEC 5 7SD87 (CP300), SIPROTEC 5 7SJ85 (CP300), SIPROTEC 5 7SJ86 (CP300), SIPROTEC 5 7SK85 (CP300), SIPROTEC 5 7SL86 (CP300), SIPROTEC 5 7SL87 (CP300), SIPROTEC 5 7SS85 (CP300), SIPROTEC 5 7UM85 (CP300), SIPROTEC 5 7UT85 (CP300), SIPROTEC 5 7UT86 (CP300), SIPROTEC 5 7UT87 (CP300), SIPROTEC 5 7VK87 (CP300), SIPROTEC 5 Communication Module ETH-BB2FO, SIPROTEC 5 Compact 7SX800 (CP050)

Software Version

6.9 (VxWorks), 7 (VxWorks), от 7.80 до 9.30 (SIPROTEC 5 6MD85 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 6MD86 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 6MD89 (CP300)), от 7.90 до 9.30 (SIPROTEC 5 6MU85 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7KE85 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7SA86 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7SA87 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7SD86 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7SD87 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7SJ85 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7SJ86 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7SK85 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7SL86 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7SL87 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7SS85 (CP300)), от 8.30 до 9.30 (SIPROTEC 5 7UM85 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7UT85 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7UT86 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7UT87 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 7VK87 (CP300)), от 7.80 до 9.30 (SIPROTEC 5 Communication Module ETH-BB2FO), от 8.70 до 9.30 (SIPROTEC 5 Compact 7SX800 (CP050))

Possible Mitigations

Использование рекомендаций производителя: Для операционных систем реального времени Wind River VxWorks: https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2022-38767 Для устройств релейной защиты SIPROTEC: https://cert-portal.siemens.com/productcert/pdf/ssa-726834.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-726834.pdf https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2022-38767 https://windriver.com

CWE

CWE-835

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Wind River Systems, Inc., Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6.9 (VxWorks), 7 (VxWorks), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 6MD85 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 6MD86 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 6MD89 (CP300)), \u043e\u0442 7.90 \u0434\u043e 9.30 (SIPROTEC 5 6MU85 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7KE85 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7SA86 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7SA87 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7SD86 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7SD87 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7SJ85 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7SJ86 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7SK85 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7SL86 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7SL87 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7SS85 (CP300)), \u043e\u0442 8.30 \u0434\u043e 9.30 (SIPROTEC 5 7UM85 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7UT85 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7UT86 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7UT87 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 7VK87 (CP300)), \u043e\u0442 7.80 \u0434\u043e 9.30 (SIPROTEC 5 Communication Module ETH-BB2FO), \u043e\u0442 8.70 \u0434\u043e 9.30 (SIPROTEC 5 Compact 7SX800 (CP050))",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 Wind River VxWorks:\nhttps://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767 \n\n\u0414\u043b\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0440\u0435\u043b\u0435\u0439\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b SIPROTEC:\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-726834.pdf",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.03.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "02.04.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.04.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-01788",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-38767",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "VxWorks, SIPROTEC 5 6MD85 (CP300), SIPROTEC 5 6MD86 (CP300), SIPROTEC 5 6MD89 (CP300), SIPROTEC 5 6MU85 (CP300), SIPROTEC 5 7KE85 (CP300), SIPROTEC 5 7SA86 (CP300), SIPROTEC 5 7SA87 (CP300), SIPROTEC 5 7SD86 (CP300), SIPROTEC 5 7SD87 (CP300), SIPROTEC 5 7SJ85 (CP300), SIPROTEC 5 7SJ86 (CP300), SIPROTEC 5 7SK85 (CP300), SIPROTEC 5 7SL86 (CP300), SIPROTEC 5 7SL87 (CP300), SIPROTEC 5 7SS85 (CP300), SIPROTEC 5 7UM85 (CP300), SIPROTEC 5 7UT85 (CP300), SIPROTEC 5 7UT86 (CP300), SIPROTEC 5 7UT87 (CP300), SIPROTEC 5 7VK87 (CP300), SIPROTEC 5 Communication Module ETH-BB2FO, SIPROTEC 5 Compact 7SX800 (CP050)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Wind River Systems, Inc. VxWorks 6.9 , Wind River Systems, Inc. VxWorks 7 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 Wind River VxWorks, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0446\u0438\u043a\u043b\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0432\u044b\u0445\u043e\u0434\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0446\u0438\u043a\u043b\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0432\u044b\u0445\u043e\u0434\u0430 (\u0431\u0435\u0441\u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0439 \u0446\u0438\u043a\u043b) (CWE-835)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 Wind River VxWorks \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0446\u0438\u043a\u043b\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0432\u044b\u0445\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c RADIUS",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert-portal.siemens.com/productcert/pdf/ssa-726834.pdf\nhttps://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767 \nhttps://windriver.com",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-835",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CERTFR-2023-AVI-0220

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SINEC NMS
Siemens	N/A	De nombreuses références SCALANCE et SIPROTEC (se référer aux bulletins de sécurité de l'éditeur pour les versions affectées)
Siemens	N/A	RUGGEDCOM CROSSBOW versions antérieures à V5.3
Siemens	N/A	Mendix SAML (Mendix 9 compatible, New Track) versions 3.1.9 à 3.2.x antérieures à V3.3.0
Siemens	N/A	Mendix SAML (Mendix 7 compatible) versions antérieures à V1.17.3
Siemens	N/A	Mendix SAML (Mendix 8 compatible) versions antérieures à V2.3.0
Siemens	N/A	SINEMA Server V14
Siemens	N/A	Mendix SAML (Mendix 9 compatible, Upgrade Track) versions 3.1.9 à 3.2.x antérieures à V3.3.0
Siemens	N/A	RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) et NAM (6GK6108-4AM00-2DA2) versions antérieures à V7.2

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-419740 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-320629 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-250085 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-203374 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-851884 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-565386 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-260625 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-726834 du 14 mars 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SINEC NMS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "De nombreuses r\u00e9f\u00e9rences SCALANCE et SIPROTEC (se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les versions affect\u00e9es)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM CROSSBOW versions ant\u00e9rieures \u00e0 V5.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML (Mendix 9 compatible, New Track) versions 3.1.9 \u00e0 3.2.x ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V1.17.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V2.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Server V14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML (Mendix 9 compatible, Upgrade Track) versions 3.1.9 \u00e0 3.2.x ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) et NAM (6GK6108-4AM00-2DA2) versions ant\u00e9rieures \u00e0 V7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2019-1125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
    },
    {
      "name": "CVE-2021-42384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
    },
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2021-42378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
    },
    {
      "name": "CVE-2022-30594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
    },
    {
      "name": "CVE-2021-42382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
    },
    {
      "name": "CVE-2021-42376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42376"
    },
    {
      "name": "CVE-2022-24282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24282"
    },
    {
      "name": "CVE-2019-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
    },
    {
      "name": "CVE-2022-28356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28356"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2018-12886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12886"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2022-32296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
    },
    {
      "name": "CVE-2022-2380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2380"
    },
    {
      "name": "CVE-2021-42373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42373"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2021-42377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42377"
    },
    {
      "name": "CVE-2022-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
    },
    {
      "name": "CVE-2022-24281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24281"
    },
    {
      "name": "CVE-2022-23037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23037"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2022-23395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23395"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2022-23042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23042"
    },
    {
      "name": "CVE-2023-25957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25957"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2021-42386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
    },
    {
      "name": "CVE-2022-2639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2639"
    },
    {
      "name": "CVE-2021-42380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42380"
    },
    {
      "name": "CVE-2022-38767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38767"
    },
    {
      "name": "CVE-2021-42374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
    },
    {
      "name": "CVE-2022-23036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23036"
    },
    {
      "name": "CVE-2022-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0002"
    },
    {
      "name": "CVE-2023-27462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27462"
    },
    {
      "name": "CVE-2022-1016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1016"
    },
    {
      "name": "CVE-2022-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1975"
    },
    {
      "name": "CVE-2022-23038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23038"
    },
    {
      "name": "CVE-2023-27309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27309"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2022-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
    },
    {
      "name": "CVE-2021-42379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
    },
    {
      "name": "CVE-2022-23039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23039"
    },
    {
      "name": "CVE-2021-42381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
    },
    {
      "name": "CVE-2022-23040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23040"
    },
    {
      "name": "CVE-2022-1304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1304"
    },
    {
      "name": "CVE-2022-1011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1011"
    },
    {
      "name": "CVE-2021-26401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26401"
    },
    {
      "name": "CVE-2022-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0547"
    },
    {
      "name": "CVE-2021-42383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42383"
    },
    {
      "name": "CVE-2022-23041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23041"
    },
    {
      "name": "CVE-2022-1734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1734"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2022-32981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32981"
    },
    {
      "name": "CVE-2022-26490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26490"
    },
    {
      "name": "CVE-2022-36946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36946"
    },
    {
      "name": "CVE-2022-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0001"
    },
    {
      "name": "CVE-2021-42385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
    },
    {
      "name": "CVE-2022-23308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
    },
    {
      "name": "CVE-2022-36879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
    },
    {
      "name": "CVE-2022-1353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
    },
    {
      "name": "CVE-2022-2588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
    },
    {
      "name": "CVE-2019-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2022-1729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
    },
    {
      "name": "CVE-2021-4149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4149"
    },
    {
      "name": "CVE-2017-5715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
    },
    {
      "name": "CVE-2022-1199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1199"
    },
    {
      "name": "CVE-2021-42375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42375"
    },
    {
      "name": "CVE-2021-4034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
    },
    {
      "name": "CVE-2022-28390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28390"
    },
    {
      "name": "CVE-2022-33981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33981"
    },
    {
      "name": "CVE-2022-1974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1974"
    },
    {
      "name": "CVE-2023-27310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27310"
    },
    {
      "name": "CVE-2022-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
    },
    {
      "name": "CVE-2022-25311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25311"
    },
    {
      "name": "CVE-2022-1516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1516"
    },
    {
      "name": "CVE-2023-27463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27463"
    },
    {
      "name": "CVE-2022-1198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1198"
    },
    {
      "name": "CVE-2022-20158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20158"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0220",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-419740 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-419740.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-320629 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-320629.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-250085 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-250085.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-203374 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-203374.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-851884 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-851884.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-565386 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-565386.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-260625 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-260625.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-726834 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-726834.html"
    }
  ]
}

CERTFR-2023-AVI-0220

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SINEC NMS
Siemens	N/A	De nombreuses références SCALANCE et SIPROTEC (se référer aux bulletins de sécurité de l'éditeur pour les versions affectées)
Siemens	N/A	RUGGEDCOM CROSSBOW versions antérieures à V5.3
Siemens	N/A	Mendix SAML (Mendix 9 compatible, New Track) versions 3.1.9 à 3.2.x antérieures à V3.3.0
Siemens	N/A	Mendix SAML (Mendix 7 compatible) versions antérieures à V1.17.3
Siemens	N/A	Mendix SAML (Mendix 8 compatible) versions antérieures à V2.3.0
Siemens	N/A	SINEMA Server V14
Siemens	N/A	Mendix SAML (Mendix 9 compatible, Upgrade Track) versions 3.1.9 à 3.2.x antérieures à V3.3.0
Siemens	N/A	RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) et NAM (6GK6108-4AM00-2DA2) versions antérieures à V7.2

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-419740 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-320629 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-250085 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-203374 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-851884 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-565386 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-260625 du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-726834 du 14 mars 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SINEC NMS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "De nombreuses r\u00e9f\u00e9rences SCALANCE et SIPROTEC (se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les versions affect\u00e9es)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM CROSSBOW versions ant\u00e9rieures \u00e0 V5.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML (Mendix 9 compatible, New Track) versions 3.1.9 \u00e0 3.2.x ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V1.17.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V2.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Server V14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML (Mendix 9 compatible, Upgrade Track) versions 3.1.9 \u00e0 3.2.x ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) et NAM (6GK6108-4AM00-2DA2) versions ant\u00e9rieures \u00e0 V7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2019-1125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
    },
    {
      "name": "CVE-2021-42384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
    },
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2021-42378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
    },
    {
      "name": "CVE-2022-30594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
    },
    {
      "name": "CVE-2021-42382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
    },
    {
      "name": "CVE-2021-42376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42376"
    },
    {
      "name": "CVE-2022-24282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24282"
    },
    {
      "name": "CVE-2019-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
    },
    {
      "name": "CVE-2022-28356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28356"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2018-12886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12886"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2022-32296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
    },
    {
      "name": "CVE-2022-2380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2380"
    },
    {
      "name": "CVE-2021-42373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42373"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2021-42377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42377"
    },
    {
      "name": "CVE-2022-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
    },
    {
      "name": "CVE-2022-24281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24281"
    },
    {
      "name": "CVE-2022-23037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23037"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2022-23395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23395"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2022-23042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23042"
    },
    {
      "name": "CVE-2023-25957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25957"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2021-42386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
    },
    {
      "name": "CVE-2022-2639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2639"
    },
    {
      "name": "CVE-2021-42380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42380"
    },
    {
      "name": "CVE-2022-38767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38767"
    },
    {
      "name": "CVE-2021-42374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
    },
    {
      "name": "CVE-2022-23036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23036"
    },
    {
      "name": "CVE-2022-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0002"
    },
    {
      "name": "CVE-2023-27462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27462"
    },
    {
      "name": "CVE-2022-1016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1016"
    },
    {
      "name": "CVE-2022-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1975"
    },
    {
      "name": "CVE-2022-23038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23038"
    },
    {
      "name": "CVE-2023-27309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27309"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2022-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
    },
    {
      "name": "CVE-2021-42379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
    },
    {
      "name": "CVE-2022-23039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23039"
    },
    {
      "name": "CVE-2021-42381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
    },
    {
      "name": "CVE-2022-23040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23040"
    },
    {
      "name": "CVE-2022-1304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1304"
    },
    {
      "name": "CVE-2022-1011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1011"
    },
    {
      "name": "CVE-2021-26401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26401"
    },
    {
      "name": "CVE-2022-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0547"
    },
    {
      "name": "CVE-2021-42383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42383"
    },
    {
      "name": "CVE-2022-23041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23041"
    },
    {
      "name": "CVE-2022-1734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1734"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2022-32981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32981"
    },
    {
      "name": "CVE-2022-26490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26490"
    },
    {
      "name": "CVE-2022-36946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36946"
    },
    {
      "name": "CVE-2022-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0001"
    },
    {
      "name": "CVE-2021-42385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
    },
    {
      "name": "CVE-2022-23308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
    },
    {
      "name": "CVE-2022-36879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
    },
    {
      "name": "CVE-2022-1353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
    },
    {
      "name": "CVE-2022-2588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
    },
    {
      "name": "CVE-2019-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2022-1729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
    },
    {
      "name": "CVE-2021-4149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4149"
    },
    {
      "name": "CVE-2017-5715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
    },
    {
      "name": "CVE-2022-1199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1199"
    },
    {
      "name": "CVE-2021-42375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42375"
    },
    {
      "name": "CVE-2021-4034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
    },
    {
      "name": "CVE-2022-28390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28390"
    },
    {
      "name": "CVE-2022-33981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33981"
    },
    {
      "name": "CVE-2022-1974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1974"
    },
    {
      "name": "CVE-2023-27310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27310"
    },
    {
      "name": "CVE-2022-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
    },
    {
      "name": "CVE-2022-25311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25311"
    },
    {
      "name": "CVE-2022-1516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1516"
    },
    {
      "name": "CVE-2023-27463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27463"
    },
    {
      "name": "CVE-2022-1198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1198"
    },
    {
      "name": "CVE-2022-20158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20158"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0220",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-419740 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-419740.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-320629 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-320629.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-250085 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-250085.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-203374 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-203374.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-851884 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-851884.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-565386 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-565386.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-260625 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-260625.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-726834 du 14 mars 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-726834.html"
    }
  ]
}

SSA-726834

Vulnerability from csaf_siemens - Published: 2023-03-14 00:00 - Updated: 2026-04-14 00:00

Summary

SSA-726834: Denial of Service Vulnerability in the RADIUS Client of SIPROTEC 5 Devices

Notes

Summary: The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a denial of service vulnerability that could be triggered when a specially crafted packet is sent by a RADIUS server. Siemens has released new versions for the affected products and recommends to update to the latest versions.

General Recommendations: Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design. Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment. As a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment. Recommended security guidelines can be found at: https://www.siemens.com/gridsecurity

Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

CVE-2022-38767

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Mitigation Ensure that only a trusted, properly hardened RADIUS server is configured in your environment

Mitigation Protect the pre-shared key for RADIUS from unauthorized access

Vendor Fix Update to V9.30 or later version https://support.industry.siemens.com/cs/ww/en/vie…

Vendor Fix Update to V9.64 or later version https://support.industry.siemens.com/cs/ww/en/vie…

Vendor Fix Update to V9.30 or later version https://support.industry.siemens.com/cs/ww/en/vie…

References

URL

ICSA-23-080-04

Vulnerability from csaf_cisa - Published: 2023-03-14 00:00 - Updated: 2023-03-14 00:00

Summary

Siemens RADIUS Client of SIPROTEC 5 Devices

Notes

Summary: The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a denial of service vulnerability that could be triggered when a specially crafted packet is sent by a RADIUS server. Siemens has released updates for the affected products and recommends to update to the latest versions.

Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.

Critical infrastructure sectors: Multiple

Countries/areas deployed: Worldwide

Company headquarters location: Germany

Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.

Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CVE-2022-38767

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Mitigation Ensure that only a trusted, properly hardened RADIUS server is configured in your environment

Mitigation Protect the pre-shared key for RADIUS from unauthorized access

No Fix Planned Currently no fix is planned

Vendor Fix Update to V9.30 or later version https://support.industry.siemens.com/cs/ww/en/vie…

References

URL

GHSA-PX5Q-X4WP-PG95

Vulnerability from github – Published: 2022-11-25 15:30 – Updated: 2026-04-14 12:31

Details

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-38767"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-25T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.",
  "id": "GHSA-px5q-x4wp-pg95",
  "modified": "2026-04-14T12:31:28Z",
  "published": "2022-11-25T15:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38767"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-726834.html"
    },
    {
      "type": "WEB",
      "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2022-38767"
    },
    {
      "type": "WEB",
      "url": "https://windriver.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-38767 (GCVE-0-2022-38767)

Solution

Solution

Tags

Sightings

Nomenclature