Skip to content

Commit bb7a7eb

Browse files
cve-teamcve-team
committed
"-Synchronized-Data."
1 parent 8fae933 commit bb7a7eb

File tree

4 files changed

+379
-8
lines changed

4 files changed

+379
-8
lines changed

2023/36xxx/CVE-2023-36608.json

+137-4
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,150 @@
11
{
2+
"data_version": "4.0",
23
"data_type": "CVE",
34
"data_format": "MITRE",
4-
"data_version": "4.0",
55
"CVE_data_meta": {
66
"ID": "CVE-2023-36608",
7-
"ASSIGNER": "[email protected]",
8-
"STATE": "RESERVED"
7+
"ASSIGNER": "[email protected]",
8+
"STATE": "PUBLIC"
99
},
1010
"description": {
1111
"description_data": [
1212
{
1313
"lang": "eng",
14-
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
14+
"value": "\nThe affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm."
15+
}
16+
]
17+
},
18+
"problemtype": {
19+
"problemtype_data": [
20+
{
21+
"description": [
22+
{
23+
"lang": "eng",
24+
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
25+
"cweId": "CWE-327"
26+
}
27+
]
28+
}
29+
]
30+
},
31+
"affects": {
32+
"vendor": {
33+
"vendor_data": [
34+
{
35+
"vendor_name": "Ovarro",
36+
"product": {
37+
"product_data": [
38+
{
39+
"product_name": "TBox MS-CPU32",
40+
"version": {
41+
"version_data": [
42+
{
43+
"version_affected": "<=",
44+
"version_name": "1.46",
45+
"version_value": "1.50.598"
46+
}
47+
]
48+
}
49+
},
50+
{
51+
"product_name": "\u200bTBox MS-CPU32-S2",
52+
"version": {
53+
"version_data": [
54+
{
55+
"version_affected": "<=",
56+
"version_name": "1.46",
57+
"version_value": "1.50.598"
58+
}
59+
]
60+
}
61+
},
62+
{
63+
"product_name": "TBox LT2",
64+
"version": {
65+
"version_data": [
66+
{
67+
"version_affected": "<=",
68+
"version_name": "1.46",
69+
"version_value": "1.50.598"
70+
}
71+
]
72+
}
73+
},
74+
{
75+
"product_name": "TBox TG2",
76+
"version": {
77+
"version_data": [
78+
{
79+
"version_affected": "<=",
80+
"version_name": "1.46",
81+
"version_value": "1.50.598"
82+
}
83+
]
84+
}
85+
},
86+
{
87+
"product_name": "TBox RM2",
88+
"version": {
89+
"version_data": [
90+
{
91+
"version_affected": "<=",
92+
"version_name": "1.46",
93+
"version_value": "1.50.598"
94+
}
95+
]
96+
}
97+
}
98+
]
99+
}
100+
}
101+
]
102+
}
103+
},
104+
"references": {
105+
"reference_data": [
106+
{
107+
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03",
108+
"refsource": "MISC",
109+
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
110+
}
111+
]
112+
},
113+
"generator": {
114+
"engine": "Vulnogram 0.1.0-dev"
115+
},
116+
"source": {
117+
"discovery": "UNKNOWN"
118+
},
119+
"credits": [
120+
{
121+
"lang": "en",
122+
"value": "Floris Hendriks"
123+
},
124+
{
125+
"lang": "en",
126+
"value": "Jeroen Wijenbergh"
127+
},
128+
{
129+
"lang": "en",
130+
"value": "Radboud University"
131+
}
132+
],
133+
"impact": {
134+
"cvss": [
135+
{
136+
"attackComplexity": "LOW",
137+
"attackVector": "NETWORK",
138+
"availabilityImpact": "NONE",
139+
"baseScore": 6.5,
140+
"baseSeverity": "MEDIUM",
141+
"confidentialityImpact": "HIGH",
142+
"integrityImpact": "NONE",
143+
"privilegesRequired": "LOW",
144+
"scope": "UNCHANGED",
145+
"userInteraction": "NONE",
146+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
147+
"version": "3.1"
15148
}
16149
]
17150
}

2023/36xxx/CVE-2023-36609.json

+137-4
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,150 @@
11
{
2+
"data_version": "4.0",
23
"data_type": "CVE",
34
"data_format": "MITRE",
4-
"data_version": "4.0",
55
"CVE_data_meta": {
66
"ID": "CVE-2023-36609",
7-
"ASSIGNER": "[email protected]",
8-
"STATE": "RESERVED"
7+
"ASSIGNER": "[email protected]",
8+
"STATE": "PUBLIC"
99
},
1010
"description": {
1111
"description_data": [
1212
{
1313
"lang": "eng",
14-
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
14+
"value": "\nThe affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.\n\n"
15+
}
16+
]
17+
},
18+
"problemtype": {
19+
"problemtype_data": [
20+
{
21+
"description": [
22+
{
23+
"lang": "eng",
24+
"value": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
25+
"cweId": "CWE-829"
26+
}
27+
]
28+
}
29+
]
30+
},
31+
"affects": {
32+
"vendor": {
33+
"vendor_data": [
34+
{
35+
"vendor_name": "Ovarro",
36+
"product": {
37+
"product_data": [
38+
{
39+
"product_name": "TBox MS-CPU32",
40+
"version": {
41+
"version_data": [
42+
{
43+
"version_affected": "<=",
44+
"version_name": "0",
45+
"version_value": "1.50.598"
46+
}
47+
]
48+
}
49+
},
50+
{
51+
"product_name": "\u200bTBox MS-CPU32-S2",
52+
"version": {
53+
"version_data": [
54+
{
55+
"version_affected": "<=",
56+
"version_name": "0",
57+
"version_value": "1.50.598"
58+
}
59+
]
60+
}
61+
},
62+
{
63+
"product_name": "TBox LT2",
64+
"version": {
65+
"version_data": [
66+
{
67+
"version_affected": "<=",
68+
"version_name": "0",
69+
"version_value": "1.50.598"
70+
}
71+
]
72+
}
73+
},
74+
{
75+
"product_name": "TBox TG2",
76+
"version": {
77+
"version_data": [
78+
{
79+
"version_affected": "<=",
80+
"version_name": "0",
81+
"version_value": "1.50.598"
82+
}
83+
]
84+
}
85+
},
86+
{
87+
"product_name": "TBox RM2",
88+
"version": {
89+
"version_data": [
90+
{
91+
"version_affected": "<=",
92+
"version_name": "0",
93+
"version_value": "1.50.598"
94+
}
95+
]
96+
}
97+
}
98+
]
99+
}
100+
}
101+
]
102+
}
103+
},
104+
"references": {
105+
"reference_data": [
106+
{
107+
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03",
108+
"refsource": "MISC",
109+
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
110+
}
111+
]
112+
},
113+
"generator": {
114+
"engine": "Vulnogram 0.1.0-dev"
115+
},
116+
"source": {
117+
"discovery": "UNKNOWN"
118+
},
119+
"credits": [
120+
{
121+
"lang": "en",
122+
"value": "Floris Hendriks"
123+
},
124+
{
125+
"lang": "en",
126+
"value": "Jeroen Wijenbergh"
127+
},
128+
{
129+
"lang": "en",
130+
"value": "Radboud University"
131+
}
132+
],
133+
"impact": {
134+
"cvss": [
135+
{
136+
"attackComplexity": "LOW",
137+
"attackVector": "NETWORK",
138+
"availabilityImpact": "HIGH",
139+
"baseScore": 7.2,
140+
"baseSeverity": "HIGH",
141+
"confidentialityImpact": "HIGH",
142+
"integrityImpact": "HIGH",
143+
"privilegesRequired": "HIGH",
144+
"scope": "UNCHANGED",
145+
"userInteraction": "NONE",
146+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
147+
"version": "3.1"
15148
}
16149
]
17150
}

2023/37xxx/CVE-2023-37377.json

+18
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
{
2+
"data_type": "CVE",
3+
"data_format": "MITRE",
4+
"data_version": "4.0",
5+
"CVE_data_meta": {
6+
"ID": "CVE-2023-37377",
7+
"ASSIGNER": "[email protected]",
8+
"STATE": "RESERVED"
9+
},
10+
"description": {
11+
"description_data": [
12+
{
13+
"lang": "eng",
14+
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
15+
}
16+
]
17+
}
18+
}

0 commit comments

Comments
 (0)