CWE-141
Improper Neutralization of Parameter/Argument Delimiters
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component.
CVE-2020-7868 (GCVE-0-2020-7868)
Vulnerability from cvelistv5
Published
2021-06-29 13:39
Modified
2024-08-04 09:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Summary
A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:41:01.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "helpu.ocx",
"vendor": "HelpU",
"versions": [
{
"lessThanOrEqual": "2020.06.27",
"status": "affected",
"version": "2020.6.27.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T13:39:21",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Helpu remote code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7868",
"STATE": "PUBLIC",
"TITLE": "Helpu remote code execution vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "helpu.ocx",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_name": "2020.6.27.1",
"version_value": "2020.06.27"
}
]
}
}
]
},
"vendor_name": "HelpU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2020-7868",
"datePublished": "2021-06-29T13:39:21",
"dateReserved": "2020-01-22T00:00:00",
"dateUpdated": "2024-08-04T09:41:01.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29872 (GCVE-0-2022-29872)
Vulnerability from cvelistv5
Published
2022-05-10 09:47
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Summary
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | SICAM P850 |
Version: All versions < V3.00 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-10T09:47:15",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-29872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29872",
"datePublished": "2022-05-10T09:47:15",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:33:43.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29873 (GCVE-0-2022-29873)
Vulnerability from cvelistv5
Published
2022-05-10 09:47
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Summary
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | SICAM P850 |
Version: All versions < V3.00 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-10T09:47:16",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-29873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29873",
"datePublished": "2022-05-10T09:47:16",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41665 (GCVE-0-2022-41665)
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2025-04-21 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Summary
A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | SICAM P850 |
Version: All versions < V3.10 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:10:56.862942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:48:05.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T08:16:55.403Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-41665",
"datePublished": "2022-10-11T00:00:00.000Z",
"dateReserved": "2022-09-27T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:48:05.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0840 (GCVE-0-2024-0840)
Vulnerability from cvelistv5
Published
2024-04-29 18:42
Modified
2024-08-01 18:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Summary
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Grandstream | UCM Series |
Version: 0 < <1.0.20.52 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6202_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6204_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6208_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6510_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6510_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T19:17:53.854809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:09:24.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://vulncheck.com/advisories/grand-stream-param-injection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UCM Series",
"vendor": "Grandstream",
"versions": [
{
"lessThan": "\u003c1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines (VulnCheck)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.\u003cbr\u003e"
}
],
"value": "The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T18:42:57.112Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"url": "https://vulncheck.com/advisories/grand-stream-param-injection"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to firmware version 1.0.20.52 or later. Ensure the web interface is not exposed to the internet.\u003cbr\u003e"
}
],
"value": "Upgrade to firmware version 1.0.20.52 or later. Ensure the web interface is not exposed to the internet.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-25T17:00:00.000Z",
"value": "VulnCheck reports the vulnerability to Grandstream"
},
{
"lang": "en",
"time": "2024-01-26T02:00:00.000Z",
"value": "Grandstream acknowledges receipt"
},
{
"lang": "en",
"time": "2024-02-08T04:42:00.000Z",
"value": "Grandstream shares a patch build"
},
{
"lang": "en",
"time": "2024-04-26T04:11:00.000Z",
"value": "Grandstream releases 1.0.20.52"
}
],
"title": "Grandstream UCM Series IP PBX HTTP Parameter Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-0840",
"datePublished": "2024-04-29T18:42:57.112Z",
"dateReserved": "2024-01-23T21:10:19.364Z",
"dateUpdated": "2024-08-01T18:18:18.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20338 (GCVE-0-2025-20338)
Vulnerability from cvelistv5
Published
2025-09-24 17:14
Modified
2025-09-25 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Summary
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Version: 3.5.0E Version: 3.5.1E Version: 3.5.2E Version: 3.5.3E Version: 3.11.1S Version: 3.11.2S Version: 3.11.0S Version: 3.11.3S Version: 3.11.4S Version: 3.12.0S Version: 3.12.1S Version: 3.12.2S Version: 3.12.3S Version: 3.12.0aS Version: 3.12.4S Version: 3.13.0S Version: 3.13.1S Version: 3.13.2S Version: 3.13.3S Version: 3.13.4S Version: 3.13.5S Version: 3.13.2aS Version: 3.13.0aS Version: 3.13.5aS Version: 3.13.6S Version: 3.13.7S Version: 3.13.6aS Version: 3.13.7aS Version: 3.13.8S Version: 3.13.9S Version: 3.13.10S Version: 3.6.0E Version: 3.6.1E Version: 3.6.2aE Version: 3.6.2E Version: 3.6.3E Version: 3.6.4E Version: 3.6.5E Version: 3.6.6E Version: 3.6.5aE Version: 3.6.7E Version: 3.6.8E Version: 3.6.7bE Version: 3.6.9E Version: 3.6.10E Version: 3.14.0S Version: 3.14.1S Version: 3.14.2S Version: 3.14.3S Version: 3.14.4S Version: 3.15.0S Version: 3.15.1S Version: 3.15.2S Version: 3.15.1cS Version: 3.15.3S Version: 3.15.4S Version: 3.7.0E Version: 3.7.1E Version: 3.7.2E Version: 3.7.3E Version: 3.7.4E Version: 3.7.5E Version: 3.5.0SQ Version: 3.5.1SQ Version: 3.5.2SQ Version: 3.5.3SQ Version: 3.5.4SQ Version: 3.5.5SQ Version: 3.5.6SQ Version: 3.5.7SQ Version: 3.5.8SQ Version: 3.16.0S Version: 3.16.1S Version: 3.16.1aS Version: 3.16.2S Version: 3.16.2aS Version: 3.16.0cS Version: 3.16.3S Version: 3.16.2bS Version: 3.16.3aS Version: 3.16.4S Version: 3.16.4aS Version: 3.16.4bS Version: 3.16.5S Version: 3.16.4dS Version: 3.16.6S Version: 3.16.7S Version: 3.16.6bS Version: 3.16.7aS Version: 3.16.7bS Version: 3.16.8S Version: 3.16.9S Version: 3.16.10S Version: 3.17.0S Version: 3.17.1S Version: 3.17.2S Version: 3.17.1aS Version: 3.17.3S Version: 3.17.4S Version: 3.8.0E Version: 3.8.1E Version: 3.8.2E Version: 3.8.3E Version: 3.8.4E Version: 3.8.5E Version: 3.8.5aE Version: 3.8.6E Version: 3.8.7E Version: 3.8.8E Version: 3.8.9E Version: 3.8.10E Version: 3.8.10eE Version: 3.18.0aS Version: 3.18.0S Version: 3.18.1S Version: 3.18.2S Version: 3.18.3S Version: 3.18.4S Version: 3.18.0SP Version: 3.18.1SP Version: 3.18.1aSP Version: 3.18.1bSP Version: 3.18.1cSP Version: 3.18.2SP Version: 3.18.2aSP Version: 3.18.3SP Version: 3.18.4SP Version: 3.18.3aSP Version: 3.18.3bSP Version: 3.18.5SP Version: 3.18.6SP Version: 3.18.7SP Version: 3.18.8aSP Version: 3.18.9SP Version: 3.9.0E Version: 3.9.1E Version: 3.9.2E Version: 16.6.1 Version: 16.6.2 Version: 16.6.3 Version: 16.6.4 Version: 16.6.5 Version: 16.6.4a Version: 16.6.5a Version: 16.6.6 Version: 16.6.7 Version: 16.6.8 Version: 16.6.9 Version: 16.6.10 Version: 16.7.1 Version: 16.7.1a Version: 16.7.1b Version: 16.7.2 Version: 16.7.3 Version: 16.7.4 Version: 16.8.1 Version: 16.8.1a Version: 16.8.1b Version: 16.8.1s Version: 16.8.1c Version: 16.8.1d Version: 16.8.2 Version: 16.8.1e Version: 16.8.3 Version: 16.9.1 Version: 16.9.2 Version: 16.9.1a Version: 16.9.1b Version: 16.9.1s Version: 16.9.3 Version: 16.9.4 Version: 16.9.3a Version: 16.9.5 Version: 16.9.5f Version: 16.9.6 Version: 16.9.7 Version: 16.9.8 Version: 16.10.1 Version: 16.10.1a Version: 16.10.1b Version: 16.10.1s Version: 16.10.1c Version: 16.10.1e Version: 16.10.1d Version: 16.10.2 Version: 16.10.1f Version: 16.10.1g Version: 16.10.3 Version: 3.10.0E Version: 3.10.1E Version: 3.10.0cE Version: 3.10.2E Version: 3.10.3E Version: 16.11.1 Version: 16.11.1a Version: 16.11.1b Version: 16.11.2 Version: 16.11.1s Version: 16.12.1 Version: 16.12.1s Version: 16.12.1a Version: 16.12.1c Version: 16.12.1w Version: 16.12.2 Version: 16.12.1y Version: 16.12.2a Version: 16.12.3 Version: 16.12.8 Version: 16.12.2s Version: 16.12.1x Version: 16.12.1t Version: 16.12.4 Version: 16.12.3s Version: 16.12.3a Version: 16.12.4a Version: 16.12.5 Version: 16.12.6 Version: 16.12.1z1 Version: 16.12.5a Version: 16.12.5b Version: 16.12.1z2 Version: 16.12.6a Version: 16.12.7 Version: 16.12.9 Version: 16.12.10 Version: 16.12.10a Version: 16.12.11 Version: 16.12.12 Version: 16.12.13 Version: 3.11.0E Version: 3.11.1E Version: 3.11.2E Version: 3.11.3E Version: 3.11.1aE Version: 3.11.4E Version: 3.11.3aE Version: 3.11.5E Version: 3.11.6E Version: 3.11.7E Version: 3.11.8E Version: 3.11.9E Version: 3.11.10E Version: 3.11.11E Version: 3.11.12E Version: 17.1.1 Version: 17.1.1a Version: 17.1.1s Version: 17.1.1t Version: 17.1.3 Version: 17.2.1 Version: 17.2.1r Version: 17.2.1a Version: 17.2.1v Version: 17.2.2 Version: 17.2.3 Version: 17.3.1 Version: 17.3.2 Version: 17.3.3 Version: 17.3.1a Version: 17.3.1w Version: 17.3.2a Version: 17.3.1x Version: 17.3.1z Version: 17.3.4 Version: 17.3.5 Version: 17.3.4a Version: 17.3.6 Version: 17.3.4b Version: 17.3.4c Version: 17.3.5a Version: 17.3.5b Version: 17.3.7 Version: 17.3.8 Version: 17.3.8a Version: 17.4.1 Version: 17.4.2 Version: 17.4.1a Version: 17.4.1b Version: 17.4.2a Version: 17.5.1 Version: 17.5.1a Version: 17.6.1 Version: 17.6.2 Version: 17.6.1w Version: 17.6.1a Version: 17.6.1x Version: 17.6.3 Version: 17.6.1y Version: 17.6.1z Version: 17.6.3a Version: 17.6.4 Version: 17.6.1z1 Version: 17.6.5 Version: 17.6.6 Version: 17.6.6a Version: 17.6.5a Version: 17.6.7 Version: 17.6.8 Version: 17.6.8a Version: 17.7.1 Version: 17.7.1a Version: 17.7.1b Version: 17.7.2 Version: 17.10.1 Version: 17.10.1a Version: 17.10.1b Version: 17.8.1 Version: 17.8.1a Version: 17.9.1 Version: 17.9.1w Version: 17.9.2 Version: 17.9.1a Version: 17.9.1x Version: 17.9.1y Version: 17.9.3 Version: 17.9.2a Version: 17.9.1x1 Version: 17.9.3a Version: 17.9.4 Version: 17.9.1y1 Version: 17.9.5 Version: 17.9.4a Version: 17.9.5a Version: 17.9.5b Version: 17.9.6 Version: 17.9.6a Version: 17.9.7 Version: 17.9.5e Version: 17.9.5f Version: 17.9.7a Version: 17.9.7b Version: 17.11.1 Version: 17.11.1a Version: 17.12.1 Version: 17.12.1w Version: 17.12.1a Version: 17.12.1x Version: 17.12.2 Version: 17.12.3 Version: 17.12.2a Version: 17.12.1y Version: 17.12.1z Version: 17.12.4 Version: 17.12.3a Version: 17.12.1z1 Version: 17.12.1z2 Version: 17.12.4a Version: 17.12.5 Version: 17.12.4b Version: 17.12.1z3 Version: 17.12.5a Version: 17.12.1z4 Version: 17.12.5b Version: 17.12.5c Version: 17.13.1 Version: 17.13.1a Version: 17.14.1 Version: 17.14.1a Version: 17.15.1 Version: 17.15.1w Version: 17.15.1a Version: 17.15.2 Version: 17.15.1b Version: 17.15.1x Version: 17.15.1z Version: 17.15.3 Version: 17.15.2c Version: 17.15.2a Version: 17.15.1y Version: 17.15.2b Version: 17.15.3a Version: 17.15.3b Version: 17.16.1 Version: 17.16.1a |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T03:55:59.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.5.0E"
},
{
"status": "affected",
"version": "3.5.1E"
},
{
"status": "affected",
"version": "3.5.2E"
},
{
"status": "affected",
"version": "3.5.3E"
},
{
"status": "affected",
"version": "3.11.1S"
},
{
"status": "affected",
"version": "3.11.2S"
},
{
"status": "affected",
"version": "3.11.0S"
},
{
"status": "affected",
"version": "3.11.3S"
},
{
"status": "affected",
"version": "3.11.4S"
},
{
"status": "affected",
"version": "3.12.0S"
},
{
"status": "affected",
"version": "3.12.1S"
},
{
"status": "affected",
"version": "3.12.2S"
},
{
"status": "affected",
"version": "3.12.3S"
},
{
"status": "affected",
"version": "3.12.0aS"
},
{
"status": "affected",
"version": "3.12.4S"
},
{
"status": "affected",
"version": "3.13.0S"
},
{
"status": "affected",
"version": "3.13.1S"
},
{
"status": "affected",
"version": "3.13.2S"
},
{
"status": "affected",
"version": "3.13.3S"
},
{
"status": "affected",
"version": "3.13.4S"
},
{
"status": "affected",
"version": "3.13.5S"
},
{
"status": "affected",
"version": "3.13.2aS"
},
{
"status": "affected",
"version": "3.13.0aS"
},
{
"status": "affected",
"version": "3.13.5aS"
},
{
"status": "affected",
"version": "3.13.6S"
},
{
"status": "affected",
"version": "3.13.7S"
},
{
"status": "affected",
"version": "3.13.6aS"
},
{
"status": "affected",
"version": "3.13.7aS"
},
{
"status": "affected",
"version": "3.13.8S"
},
{
"status": "affected",
"version": "3.13.9S"
},
{
"status": "affected",
"version": "3.13.10S"
},
{
"status": "affected",
"version": "3.6.0E"
},
{
"status": "affected",
"version": "3.6.1E"
},
{
"status": "affected",
"version": "3.6.2aE"
},
{
"status": "affected",
"version": "3.6.2E"
},
{
"status": "affected",
"version": "3.6.3E"
},
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.7E"
},
{
"status": "affected",
"version": "3.6.8E"
},
{
"status": "affected",
"version": "3.6.7bE"
},
{
"status": "affected",
"version": "3.6.9E"
},
{
"status": "affected",
"version": "3.6.10E"
},
{
"status": "affected",
"version": "3.14.0S"
},
{
"status": "affected",
"version": "3.14.1S"
},
{
"status": "affected",
"version": "3.14.2S"
},
{
"status": "affected",
"version": "3.14.3S"
},
{
"status": "affected",
"version": "3.14.4S"
},
{
"status": "affected",
"version": "3.15.0S"
},
{
"status": "affected",
"version": "3.15.1S"
},
{
"status": "affected",
"version": "3.15.2S"
},
{
"status": "affected",
"version": "3.15.1cS"
},
{
"status": "affected",
"version": "3.15.3S"
},
{
"status": "affected",
"version": "3.15.4S"
},
{
"status": "affected",
"version": "3.7.0E"
},
{
"status": "affected",
"version": "3.7.1E"
},
{
"status": "affected",
"version": "3.7.2E"
},
{
"status": "affected",
"version": "3.7.3E"
},
{
"status": "affected",
"version": "3.7.4E"
},
{
"status": "affected",
"version": "3.7.5E"
},
{
"status": "affected",
"version": "3.5.0SQ"
},
{
"status": "affected",
"version": "3.5.1SQ"
},
{
"status": "affected",
"version": "3.5.2SQ"
},
{
"status": "affected",
"version": "3.5.3SQ"
},
{
"status": "affected",
"version": "3.5.4SQ"
},
{
"status": "affected",
"version": "3.5.5SQ"
},
{
"status": "affected",
"version": "3.5.6SQ"
},
{
"status": "affected",
"version": "3.5.7SQ"
},
{
"status": "affected",
"version": "3.5.8SQ"
},
{
"status": "affected",
"version": "3.16.0S"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.2aS"
},
{
"status": "affected",
"version": "3.16.0cS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.2bS"
},
{
"status": "affected",
"version": "3.16.3aS"
},
{
"status": "affected",
"version": "3.16.4S"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.6S"
},
{
"status": "affected",
"version": "3.16.7S"
},
{
"status": "affected",
"version": "3.16.6bS"
},
{
"status": "affected",
"version": "3.16.7aS"
},
{
"status": "affected",
"version": "3.16.7bS"
},
{
"status": "affected",
"version": "3.16.8S"
},
{
"status": "affected",
"version": "3.16.9S"
},
{
"status": "affected",
"version": "3.16.10S"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.1aS"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "3.8.0E"
},
{
"status": "affected",
"version": "3.8.1E"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "3.8.5E"
},
{
"status": "affected",
"version": "3.8.5aE"
},
{
"status": "affected",
"version": "3.8.6E"
},
{
"status": "affected",
"version": "3.8.7E"
},
{
"status": "affected",
"version": "3.8.8E"
},
{
"status": "affected",
"version": "3.8.9E"
},
{
"status": "affected",
"version": "3.8.10E"
},
{
"status": "affected",
"version": "3.8.10eE"
},
{
"status": "affected",
"version": "3.18.0aS"
},
{
"status": "affected",
"version": "3.18.0S"
},
{
"status": "affected",
"version": "3.18.1S"
},
{
"status": "affected",
"version": "3.18.2S"
},
{
"status": "affected",
"version": "3.18.3S"
},
{
"status": "affected",
"version": "3.18.4S"
},
{
"status": "affected",
"version": "3.18.0SP"
},
{
"status": "affected",
"version": "3.18.1SP"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.1bSP"
},
{
"status": "affected",
"version": "3.18.1cSP"
},
{
"status": "affected",
"version": "3.18.2SP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.18.3SP"
},
{
"status": "affected",
"version": "3.18.4SP"
},
{
"status": "affected",
"version": "3.18.3aSP"
},
{
"status": "affected",
"version": "3.18.3bSP"
},
{
"status": "affected",
"version": "3.18.5SP"
},
{
"status": "affected",
"version": "3.18.6SP"
},
{
"status": "affected",
"version": "3.18.7SP"
},
{
"status": "affected",
"version": "3.18.8aSP"
},
{
"status": "affected",
"version": "3.18.9SP"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "16.6.3"
},
{
"status": "affected",
"version": "16.6.4"
},
{
"status": "affected",
"version": "16.6.5"
},
{
"status": "affected",
"version": "16.6.4a"
},
{
"status": "affected",
"version": "16.6.5a"
},
{
"status": "affected",
"version": "16.6.6"
},
{
"status": "affected",
"version": "16.6.7"
},
{
"status": "affected",
"version": "16.6.8"
},
{
"status": "affected",
"version": "16.6.9"
},
{
"status": "affected",
"version": "16.6.10"
},
{
"status": "affected",
"version": "16.7.1"
},
{
"status": "affected",
"version": "16.7.1a"
},
{
"status": "affected",
"version": "16.7.1b"
},
{
"status": "affected",
"version": "16.7.2"
},
{
"status": "affected",
"version": "16.7.3"
},
{
"status": "affected",
"version": "16.7.4"
},
{
"status": "affected",
"version": "16.8.1"
},
{
"status": "affected",
"version": "16.8.1a"
},
{
"status": "affected",
"version": "16.8.1b"
},
{
"status": "affected",
"version": "16.8.1s"
},
{
"status": "affected",
"version": "16.8.1c"
},
{
"status": "affected",
"version": "16.8.1d"
},
{
"status": "affected",
"version": "16.8.2"
},
{
"status": "affected",
"version": "16.8.1e"
},
{
"status": "affected",
"version": "16.8.3"
},
{
"status": "affected",
"version": "16.9.1"
},
{
"status": "affected",
"version": "16.9.2"
},
{
"status": "affected",
"version": "16.9.1a"
},
{
"status": "affected",
"version": "16.9.1b"
},
{
"status": "affected",
"version": "16.9.1s"
},
{
"status": "affected",
"version": "16.9.3"
},
{
"status": "affected",
"version": "16.9.4"
},
{
"status": "affected",
"version": "16.9.3a"
},
{
"status": "affected",
"version": "16.9.5"
},
{
"status": "affected",
"version": "16.9.5f"
},
{
"status": "affected",
"version": "16.9.6"
},
{
"status": "affected",
"version": "16.9.7"
},
{
"status": "affected",
"version": "16.9.8"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "16.10.1a"
},
{
"status": "affected",
"version": "16.10.1b"
},
{
"status": "affected",
"version": "16.10.1s"
},
{
"status": "affected",
"version": "16.10.1c"
},
{
"status": "affected",
"version": "16.10.1e"
},
{
"status": "affected",
"version": "16.10.1d"
},
{
"status": "affected",
"version": "16.10.2"
},
{
"status": "affected",
"version": "16.10.1f"
},
{
"status": "affected",
"version": "16.10.1g"
},
{
"status": "affected",
"version": "16.10.3"
},
{
"status": "affected",
"version": "3.10.0E"
},
{
"status": "affected",
"version": "3.10.1E"
},
{
"status": "affected",
"version": "3.10.0cE"
},
{
"status": "affected",
"version": "3.10.2E"
},
{
"status": "affected",
"version": "3.10.3E"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "16.11.2"
},
{
"status": "affected",
"version": "16.11.1s"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.1a"
},
{
"status": "affected",
"version": "16.12.1c"
},
{
"status": "affected",
"version": "16.12.1w"
},
{
"status": "affected",
"version": "16.12.2"
},
{
"status": "affected",
"version": "16.12.1y"
},
{
"status": "affected",
"version": "16.12.2a"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "16.12.1x"
},
{
"status": "affected",
"version": "16.12.1t"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.12.3s"
},
{
"status": "affected",
"version": "16.12.3a"
},
{
"status": "affected",
"version": "16.12.4a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "16.12.1z1"
},
{
"status": "affected",
"version": "16.12.5a"
},
{
"status": "affected",
"version": "16.12.5b"
},
{
"status": "affected",
"version": "16.12.1z2"
},
{
"status": "affected",
"version": "16.12.6a"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "16.12.9"
},
{
"status": "affected",
"version": "16.12.10"
},
{
"status": "affected",
"version": "16.12.10a"
},
{
"status": "affected",
"version": "16.12.11"
},
{
"status": "affected",
"version": "16.12.12"
},
{
"status": "affected",
"version": "16.12.13"
},
{
"status": "affected",
"version": "3.11.0E"
},
{
"status": "affected",
"version": "3.11.1E"
},
{
"status": "affected",
"version": "3.11.2E"
},
{
"status": "affected",
"version": "3.11.3E"
},
{
"status": "affected",
"version": "3.11.1aE"
},
{
"status": "affected",
"version": "3.11.4E"
},
{
"status": "affected",
"version": "3.11.3aE"
},
{
"status": "affected",
"version": "3.11.5E"
},
{
"status": "affected",
"version": "3.11.6E"
},
{
"status": "affected",
"version": "3.11.7E"
},
{
"status": "affected",
"version": "3.11.8E"
},
{
"status": "affected",
"version": "3.11.9E"
},
{
"status": "affected",
"version": "3.11.10E"
},
{
"status": "affected",
"version": "3.11.11E"
},
{
"status": "affected",
"version": "3.11.12E"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "17.1.1a"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.3"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1r"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "17.2.1v"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.1a"
},
{
"status": "affected",
"version": "17.3.1w"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.1x"
},
{
"status": "affected",
"version": "17.3.1z"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.4a"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.3.4b"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.7"
},
{
"status": "affected",
"version": "17.3.8"
},
{
"status": "affected",
"version": "17.3.8a"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.4.1a"
},
{
"status": "affected",
"version": "17.4.1b"
},
{
"status": "affected",
"version": "17.4.2a"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.1w"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.6.1x"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.1y"
},
{
"status": "affected",
"version": "17.6.1z"
},
{
"status": "affected",
"version": "17.6.3a"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.1z1"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.6.6"
},
{
"status": "affected",
"version": "17.6.6a"
},
{
"status": "affected",
"version": "17.6.5a"
},
{
"status": "affected",
"version": "17.6.7"
},
{
"status": "affected",
"version": "17.6.8"
},
{
"status": "affected",
"version": "17.6.8a"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.7.1b"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.10.1a"
},
{
"status": "affected",
"version": "17.10.1b"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.1w"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.1a"
},
{
"status": "affected",
"version": "17.9.1x"
},
{
"status": "affected",
"version": "17.9.1y"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.9.2a"
},
{
"status": "affected",
"version": "17.9.1x1"
},
{
"status": "affected",
"version": "17.9.3a"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.9.1y1"
},
{
"status": "affected",
"version": "17.9.5"
},
{
"status": "affected",
"version": "17.9.4a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.9.5b"
},
{
"status": "affected",
"version": "17.9.6"
},
{
"status": "affected",
"version": "17.9.6a"
},
{
"status": "affected",
"version": "17.9.7"
},
{
"status": "affected",
"version": "17.9.5e"
},
{
"status": "affected",
"version": "17.9.5f"
},
{
"status": "affected",
"version": "17.9.7a"
},
{
"status": "affected",
"version": "17.9.7b"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.12.1"
},
{
"status": "affected",
"version": "17.12.1w"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.1x"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.12.2a"
},
{
"status": "affected",
"version": "17.12.1y"
},
{
"status": "affected",
"version": "17.12.1z"
},
{
"status": "affected",
"version": "17.12.4"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.12.1z1"
},
{
"status": "affected",
"version": "17.12.1z2"
},
{
"status": "affected",
"version": "17.12.4a"
},
{
"status": "affected",
"version": "17.12.5"
},
{
"status": "affected",
"version": "17.12.4b"
},
{
"status": "affected",
"version": "17.12.1z3"
},
{
"status": "affected",
"version": "17.12.5a"
},
{
"status": "affected",
"version": "17.12.1z4"
},
{
"status": "affected",
"version": "17.12.5b"
},
{
"status": "affected",
"version": "17.12.5c"
},
{
"status": "affected",
"version": "17.13.1"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.14.1"
},
{
"status": "affected",
"version": "17.14.1a"
},
{
"status": "affected",
"version": "17.15.1"
},
{
"status": "affected",
"version": "17.15.1w"
},
{
"status": "affected",
"version": "17.15.1a"
},
{
"status": "affected",
"version": "17.15.2"
},
{
"status": "affected",
"version": "17.15.1b"
},
{
"status": "affected",
"version": "17.15.1x"
},
{
"status": "affected",
"version": "17.15.1z"
},
{
"status": "affected",
"version": "17.15.3"
},
{
"status": "affected",
"version": "17.15.2c"
},
{
"status": "affected",
"version": "17.15.2a"
},
{
"status": "affected",
"version": "17.15.1y"
},
{
"status": "affected",
"version": "17.15.2b"
},
{
"status": "affected",
"version": "17.15.3a"
},
{
"status": "affected",
"version": "17.15.3b"
},
{
"status": "affected",
"version": "17.16.1"
},
{
"status": "affected",
"version": "17.16.1a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device.\r\n\r This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:14:57.638Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxe-arg-inject-EyDDbh4e",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-arg-inject-EyDDbh4e"
}
],
"source": {
"advisory": "cisco-sa-iosxe-arg-inject-EyDDbh4e",
"defects": [
"CSCwm41327"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20338",
"datePublished": "2025-09-24T17:14:57.638Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-09-25T03:55:59.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31329 (GCVE-0-2025-31329)
Vulnerability from cvelistv5
Published
2025-05-13 00:16
Modified
2025-05-13 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Summary
SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server ABAP and ABAP Platform |
Version: SAP_BASIS 700 Version: SAP_BASIS 701 Version: SAP_BASIS 702 Version: SAP_BASIS 731 Version: SAP_BASIS 740 Version: SAP_BASIS 750 Version: SAP_BASIS 751 Version: SAP_BASIS 752 Version: SAP_BASIS 753 Version: SAP_BASIS 754 Version: SAP_BASIS 755 Version: SAP_BASIS 756 Version: SAP_BASIS 757 Version: SAP_BASIS 758 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:55:50.794345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:55:58.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server ABAP and ABAP Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_BASIS 700"
},
{
"status": "affected",
"version": "SAP_BASIS 701"
},
{
"status": "affected",
"version": "SAP_BASIS 702"
},
{
"status": "affected",
"version": "SAP_BASIS 731"
},
{
"status": "affected",
"version": "SAP_BASIS 740"
},
{
"status": "affected",
"version": "SAP_BASIS 750"
},
{
"status": "affected",
"version": "SAP_BASIS 751"
},
{
"status": "affected",
"version": "SAP_BASIS 752"
},
{
"status": "affected",
"version": "SAP_BASIS 753"
},
{
"status": "affected",
"version": "SAP_BASIS 754"
},
{
"status": "affected",
"version": "SAP_BASIS 755"
},
{
"status": "affected",
"version": "SAP_BASIS 756"
},
{
"status": "affected",
"version": "SAP_BASIS 757"
},
{
"status": "affected",
"version": "SAP_BASIS 758"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.\u003c/p\u003e"
}
],
"value": "SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T00:17:19.984Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3577287"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-31329",
"datePublished": "2025-05-13T00:16:51.190Z",
"dateReserved": "2025-03-27T23:02:06.906Z",
"dateUpdated": "2025-05-13T13:55:58.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases:
Description:
- Developers should anticipate that parameter/argument delimiters will be injected/removed/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation ID: MIT-28
Phase: Implementation
Strategy: Output Encoding
Description:
- While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88).
Mitigation ID: MIT-20
Phase: Implementation
Strategy: Input Validation
Description:
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.