VDB
GCVE-110-NCSC-2024-282
GCVE-110-NCSC-2024-282
Advisory PublishedCVSS 7.5/10
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Weaknesses (CWE)
CWE-286Incorrect User ManagementCWE-125Out-of-bounds ReadCWE-400Uncontrolled Resource ConsumptionCWE-502Deserialization of Untrusted DataCWE-121Stack-based Buffer OverflowCWE-222Truncation of Security-relevant InformationCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-1325Improperly Controlled Sequential Memory AllocationCWE-916Use of Password Hash With Insufficient Computational EffortCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-359Exposure of Private Personal Information to an Unauthorized ActorCWE-787Out-of-bounds WriteCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-476NULL Pointer DereferenceCWE-266Incorrect Privilege AssignmentCWE-326Inadequate Encryption StrengthCWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-497Exposure of Sensitive System Information to an Unauthorized Control SphereCWE-434Unrestricted Upload of File with Dangerous TypeCWE-267Privilege Defined With Unsafe ActionsCWE-425Direct Request ('Forced Browsing')CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-602Client-Side Enforcement of Server-Side SecurityCWE-863Incorrect AuthorizationCWE-378Creation of Temporary File With Insecure PermissionsCWE-307Improper Restriction of Excessive Authentication AttemptsCWE-732Incorrect Permission Assignment for Critical ResourceCWE-770Allocation of Resources Without Limits or ThrottlingCWE-547Use of Hard-coded, Security-relevant ConstantsCWE-924Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Risk Scores
CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| siemens | ruggedcom_i800nc | — | — |
| siemens | mendix_encryption | — | — |
| siemens | plm_xml_sdk | — | — |
| siemens | jt_open | — | — |
| siemens | ruggedcom_i800 | — | — |
| siemens | ps_iges_parasolid_translator_component | — | — |
Aliases
CVE-2022-32260CVE-2023-27321CVE-2023-32735CVE-2023-32737CVE-2023-46720CVE-2023-48795CVE-2023-52237CVE-2023-52238CVE-2023-52891CVE-2023-7066CVE-2024-21754CVE-2024-23111CVE-2024-26010CVE-2024-30321CVE-2024-32055CVE-2024-32056CVE-2024-32057CVE-2024-32058CVE-2024-32059CVE-2024-32060CVE-2024-32061CVE-2024-32062CVE-2024-32063CVE-2024-32064CVE-2024-32065CVE-2024-32066CVE-2024-33577CVE-2024-33653CVE-2024-33654CVE-2024-3596CVE-2024-37996CVE-2024-37997CVE-2024-38278CVE-2024-38867CVE-2024-39567CVE-2024-39568CVE-2024-39569CVE-2024-39570CVE-2024-39571CVE-2024-39675CVE-2024-39865CVE-2024-39866CVE-2024-39867CVE-2024-39868CVE-2024-39869CVE-2024-39870CVE-2024-39871CVE-2024-39872CVE-2024-39873CVE-2024-39874CVE-2024-39875CVE-2024-39876CVE-2024-39888
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.