VDB

GCVE-110-NCSC-2024-282

GCVE-110-NCSC-2024-282
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published July 9, 2024
Exposure of Sensitive System Information to an Unauthorized Control Sphere

Weaknesses (CWE)

CWE-286Incorrect User ManagementCWE-125Out-of-bounds ReadCWE-400Uncontrolled Resource ConsumptionCWE-502Deserialization of Untrusted DataCWE-121Stack-based Buffer OverflowCWE-222Truncation of Security-relevant InformationCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-1325Improperly Controlled Sequential Memory AllocationCWE-916Use of Password Hash With Insufficient Computational EffortCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-359Exposure of Private Personal Information to an Unauthorized ActorCWE-787Out-of-bounds WriteCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-476NULL Pointer DereferenceCWE-266Incorrect Privilege AssignmentCWE-326Inadequate Encryption StrengthCWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-497Exposure of Sensitive System Information to an Unauthorized Control SphereCWE-434Unrestricted Upload of File with Dangerous TypeCWE-267Privilege Defined With Unsafe ActionsCWE-425Direct Request ('Forced Browsing')CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-602Client-Side Enforcement of Server-Side SecurityCWE-863Incorrect AuthorizationCWE-378Creation of Temporary File With Insecure PermissionsCWE-307Improper Restriction of Excessive Authentication AttemptsCWE-732Incorrect Permission Assignment for Critical ResourceCWE-770Allocation of Resources Without Limits or ThrottlingCWE-547Use of Hard-coded, Security-relevant ConstantsCWE-924Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
siemensruggedcom_i800nc
siemensmendix_encryption
siemensplm_xml_sdk
siemensjt_open
siemensruggedcom_i800
siemensps_iges_parasolid_translator_component

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›