Vulnerability-Lookup

CVE-2020-14396 (GCVE-0-2020-14396)

Vulnerability from cvelistv5 – Published: 2020-06-17 15:13 – Updated: 2024-08-04 12:46

Summary

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

CVE-2020-14396

Vulnerability from fstec - Published: 18.12.2019

Title

Уязвимость компонента libvncclient/tls_openssl.c кроссплатформенной библиотеки LibVNCServer, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость компонента libvncclient/tls_openssl.c кроссплатформенной библиотеки LibVNCServer связана с ошибками разыменования указателей. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения, АО «ИВК», АО "НППКТ"

Software Name

Debian GNU/Linux, LibVNCServer, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

9 (Debian GNU/Linux), 10 (Debian GNU/Linux), до 0.9.13 (LibVNCServer), - (Альт 8 СП), до 2.5 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: Для LibVNCServer: Обновление кроссплатформенной библиотеки LibVNCServer до версии 0.9.13 или новее Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2020-14396 Для ОСОН Основа: Обновление программного обеспечения libvncserver до версии 0.9.13+dfsg-3osnova2 Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://cxsecurity.com/cveshow/CVE-2020-14396/ https://nvd.nist.gov/vuln/detail/CVE-2020-14396 https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553 https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://security-tracker.debian.org/tracker/CVE-2020-14396 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/ https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-476

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u0434\u043e 0.9.13 (LibVNCServer), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f LibVNCServer:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 LibVNCServer \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 0.9.13 \u0438\u043b\u0438 \u043d\u043e\u0432\u0435\u0435\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2020-14396\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libvncserver \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 0.9.13+dfsg-3osnova2\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.12.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.07.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-03156",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-14396",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, LibVNCServer, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 libvncclient/tls_openssl.c \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 LibVNCServer, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 libvncclient/tls_openssl.c \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 LibVNCServer \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cxsecurity.com/cveshow/CVE-2020-14396/\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14396\nhttps://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553 \nhttps://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13\nhttps://security-tracker.debian.org/tracker/CVE-2020-14396\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

GSD-2020-14396

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.

Aliases

CVE-2020-14396

Aliases

CVE-2020-14396

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-14396",
    "description": "An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.",
    "id": "GSD-2020-14396",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-14396.html",
      "https://ubuntu.com/security/CVE-2020-14396"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-14396"
      ],
      "details": "An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.",
      "id": "GSD-2020-14396",
      "modified": "2023-12-13T01:21:59.833781Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-14396",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13",
            "refsource": "MISC",
            "url": "https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13"
          },
          {
            "name": "https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553",
            "refsource": "MISC",
            "url": "https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553"
          },
          {
            "name": "USN-4434-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4434-1/"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14396"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13"
            },
            {
              "name": "https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553"
            },
            {
              "name": "USN-4434-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4434-1/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-03-10T15:15Z",
      "publishedDate": "2020-06-17T16:15Z"
    }
  }
}

CERTFR-2021-AVI-949

Vulnerability from certfr_avis - Published: 2021-12-15 - Updated: 2021-12-15

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Teamcenter Active Workspace versions 5.2.x antérieures à 5.2.3
Siemens	N/A	JTTK versions antérieures à 11.0.3.0
Siemens	N/A	SiPass integrated versions antérieures à 2.76
Siemens	N/A	SINUMERIK Edge versions antérieures à 3.2
Siemens	N/A	SIMATIC ITC2200 V3 PRO versions antérieures à 3.2.1.0
Siemens	N/A	SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) versions antérieures à 21.00 SP3
Siemens	N/A	Siveillance Identity V5 versions antérieures à 1.6.284, ou sans le correctif de sécurité SP5
Siemens	N/A	Desigo PXC00-U toutes versions postérieures à 2.3
Siemens	N/A	SIMATIC ITC1900 V3 versions antérieures à 3.2.1.0
Siemens	N/A	JT2Go versions antérieures à 13.2.0.5
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) versions antérieures à 2.41
Siemens	N/A	Desigo PXC22.1-E.D toutes versions postérieures à 2.3
Siemens	N/A	Desigo PXC001-E.D toutes versions postérieures à 2.3
Siemens	N/A	JTTK versions antérieures à 10.8.1.1
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) versions antérieures à 2.41
Siemens	N/A	APOGEE MEC (PPC) (BACnet) toutes versions
Siemens	N/A	Siveillance Identity V1.6 versions antérieures à 1.6.284.0
Siemens	N/A	APOGEE PXC Compact (P2 Ethernet) toutes versions
Siemens	N/A	JTTK versions antérieures à 11.1.1.0
Siemens	N/A	JT Utilities versions antérieures à 12.8.1.1
Siemens	N/A	Desigo PXC50-E.D toutes versions postérieures à 2.3
Siemens	N/A	Desigo PXC200-E.D toutes versions postérieures à 2.3
Siemens	N/A	Desigo PXC36.1-E.D toutes versions postérieures à 2.3
Siemens	N/A	Desigo PXC00-E.D toutes versions postérieures à 2.3
Siemens	N/A	SiPass integrated versions antérieures à 2.80
Siemens	N/A	APOGEE PXC Modular (BACnet) toutes versions
Siemens	N/A	Teamcenter Visualization versions antérieures à 13.2.0.5
Siemens	N/A	Desigo PXC22-E.D toutes versions postérieures à 2.3
Siemens	N/A	Simcenter STAR-CCM+ Viewer versions antérieures à 2021.3.1
Siemens	N/A	Teamcenter Active Workspace versions 5.1.x antérieures à 5.1.6
Siemens	N/A	Capital VSTAR toutes versions avec l'option Ethernet activée
Siemens	N/A	SiPass integrated versions antérieures à 2.85
Siemens	N/A	JT Utilities versions antérieures à 13.1.1.0
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions antérieures à 2.41
Siemens	N/A	Desigo PXC100-E.D toutes versions postérieures à 2.3
Siemens	N/A	ModelSim Simulation toutes versions
Siemens	N/A	APOGEE PXC Modular (P2 Ethernet) toutes versions
Siemens	N/A	SIMATIC ITC2200 V3 versions antérieures à 3.2.1.0
Siemens	N/A	Desigo PXC12-E.D toutes versions postérieures à 2.3
Siemens	N/A	Questa Simulation toutes versions
Siemens	N/A	JT Utilities versions antérieures à 13.0.3.0
Siemens	N/A	Teamcenter Active Workspace versions 5.0.x antérieures à 5.0.10
Siemens	N/A	Desigo PXC128-U toutes versions postérieures à 2.3
Siemens	N/A	APOGEE MEC (PPC) (P2 Ethernet) toutes versions
Siemens	N/A	SIMATIC ITC1900 V3 PRO versions antérieures à 3.2.1.0
Siemens	N/A	Teamcenter Active Workspace versions 4.3.x antérieures à V4.3.11
Siemens	N/A	APOGEE PXC Compact (BACnet) toutes versions
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions antérieures à 2.41
Siemens	N/A	APOGEE MBC (PPC) (P2 Ethernet) toutes versions
Siemens	N/A	APOGEE MBC (PPC) (BACnet) toutes versions
Siemens	N/A	SIMATIC ITC1500 V3 PRO versions antérieures à 3.2.1.0
Siemens	N/A	SIMATIC ITC1500 V3 versions antérieures à 3.2.1.0
Siemens	N/A	Desigo PXC64-U toutes versions postérieures à 2.3

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-620288 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-133772 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-199605 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-595101 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-496292 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-400332 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-463116 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-523250 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-352143 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-390195 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-396621 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-802578 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-160202 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-161331 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-114589 du 14 décembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Teamcenter Active Workspace versions 5.2.x ant\u00e9rieures \u00e0 5.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JTTK versions ant\u00e9rieures \u00e0 11.0.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated versions ant\u00e9rieures \u00e0 2.76",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Edge versions ant\u00e9rieures \u00e0 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC2200 V3 PRO versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) versions ant\u00e9rieures \u00e0 21.00 SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Identity V5 versions ant\u00e9rieures \u00e0 1.6.284, ou sans le correctif de s\u00e9curit\u00e9 SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC00-U toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1900 V3 versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 13.2.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) versions ant\u00e9rieures \u00e0 2.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC22.1-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC001-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JTTK versions ant\u00e9rieures \u00e0 10.8.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) versions ant\u00e9rieures \u00e0 2.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MEC (PPC) (BACnet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Identity V1.6 versions ant\u00e9rieures \u00e0 1.6.284.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Compact (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JTTK versions ant\u00e9rieures \u00e0 11.1.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 12.8.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC50-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC200-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC36.1-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC00-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated versions ant\u00e9rieures \u00e0 2.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Modular (BACnet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions ant\u00e9rieures \u00e0 13.2.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC22-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter STAR-CCM+ Viewer versions ant\u00e9rieures \u00e0 2021.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace versions 5.1.x ant\u00e9rieures \u00e0 5.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Capital VSTAR toutes versions avec l\u0027option Ethernet activ\u00e9e",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated versions ant\u00e9rieures \u00e0 2.85",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 13.1.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions ant\u00e9rieures \u00e0 2.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC100-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "ModelSim Simulation toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Modular (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC2200 V3 versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC12-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Questa Simulation toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 13.0.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace versions 5.0.x ant\u00e9rieures \u00e0 5.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC128-U toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MEC (PPC) (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1900 V3 PRO versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace versions 4.3.x ant\u00e9rieures \u00e0 V4.3.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Compact (BACnet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions ant\u00e9rieures \u00e0 2.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MBC (PPC) (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MBC (PPC) (BACnet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1500 V3 PRO versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1500 V3 versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC64-U toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44443"
    },
    {
      "name": "CVE-2021-31881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31881"
    },
    {
      "name": "CVE-2021-44444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44444"
    },
    {
      "name": "CVE-2021-44009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44009"
    },
    {
      "name": "CVE-2021-31888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31888"
    },
    {
      "name": "CVE-2021-44447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44447"
    },
    {
      "name": "CVE-2018-20749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20749"
    },
    {
      "name": "CVE-2021-44013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44013"
    },
    {
      "name": "CVE-2021-31885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31885"
    },
    {
      "name": "CVE-2021-31887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31887"
    },
    {
      "name": "CVE-2019-15690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15690"
    },
    {
      "name": "CVE-2021-44012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44012"
    },
    {
      "name": "CVE-2020-14396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14396"
    },
    {
      "name": "CVE-2021-44001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44001"
    },
    {
      "name": "CVE-2020-14404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14404"
    },
    {
      "name": "CVE-2021-44430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44430"
    },
    {
      "name": "CVE-2021-44440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44440"
    },
    {
      "name": "CVE-2021-44432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44432"
    },
    {
      "name": "CVE-2021-44445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44445"
    },
    {
      "name": "CVE-2021-31884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31884"
    },
    {
      "name": "CVE-2021-44434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44434"
    },
    {
      "name": "CVE-2021-44449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44449"
    },
    {
      "name": "CVE-2019-15681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15681"
    },
    {
      "name": "CVE-2021-44435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44435"
    },
    {
      "name": "CVE-2021-42023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42023"
    },
    {
      "name": "CVE-2021-44442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44442"
    },
    {
      "name": "CVE-2021-44002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44002"
    },
    {
      "name": "CVE-2021-44014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44014"
    },
    {
      "name": "CVE-2021-44436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44436"
    },
    {
      "name": "CVE-2021-31882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31882"
    },
    {
      "name": "CVE-2021-44438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44438"
    },
    {
      "name": "CVE-2021-44006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44006"
    },
    {
      "name": "CVE-2021-41547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41547"
    },
    {
      "name": "CVE-2021-44008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44008"
    },
    {
      "name": "CVE-2021-44017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44017"
    },
    {
      "name": "CVE-2021-44441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44441"
    },
    {
      "name": "CVE-2021-44011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44011"
    },
    {
      "name": "CVE-2018-20748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20748"
    },
    {
      "name": "CVE-2019-20788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20788"
    },
    {
      "name": "CVE-2021-44446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44446"
    },
    {
      "name": "CVE-2021-44010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44010"
    },
    {
      "name": "CVE-2021-44522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44522"
    },
    {
      "name": "CVE-2021-44448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44448"
    },
    {
      "name": "CVE-2021-44523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44523"
    },
    {
      "name": "CVE-2019-20840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20840"
    },
    {
      "name": "CVE-2021-31346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
    },
    {
      "name": "CVE-2018-20750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20750"
    },
    {
      "name": "CVE-2021-42022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42022"
    },
    {
      "name": "CVE-2021-44433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44433"
    },
    {
      "name": "CVE-2021-44004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44004"
    },
    {
      "name": "CVE-2017-18922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18922"
    },
    {
      "name": "CVE-2021-44524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44524"
    },
    {
      "name": "CVE-2021-44003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44003"
    },
    {
      "name": "CVE-2021-44007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44007"
    },
    {
      "name": "CVE-2021-42024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42024"
    },
    {
      "name": "CVE-2019-20839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20839"
    },
    {
      "name": "CVE-2021-44431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44431"
    },
    {
      "name": "CVE-2021-31889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
    },
    {
      "name": "CVE-2021-44005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44005"
    },
    {
      "name": "CVE-2020-14402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14402"
    },
    {
      "name": "CVE-2020-14397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14397"
    },
    {
      "name": "CVE-2021-31883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31883"
    },
    {
      "name": "CVE-2020-14398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14398"
    },
    {
      "name": "CVE-2020-14403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14403"
    },
    {
      "name": "CVE-2021-44439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44439"
    },
    {
      "name": "CVE-2021-44015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44015"
    },
    {
      "name": "CVE-2021-44437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44437"
    },
    {
      "name": "CVE-2021-31886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31886"
    },
    {
      "name": "CVE-2021-44450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44450"
    },
    {
      "name": "CVE-2021-42027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42027"
    },
    {
      "name": "CVE-2021-31890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
    },
    {
      "name": "CVE-2020-14405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14405"
    },
    {
      "name": "CVE-2021-31345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31345"
    },
    {
      "name": "CVE-2018-20019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20019"
    },
    {
      "name": "CVE-2018-15127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15127"
    },
    {
      "name": "CVE-2018-21247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-21247"
    },
    {
      "name": "CVE-2021-44165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44165"
    },
    {
      "name": "CVE-2021-31344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31344"
    },
    {
      "name": "CVE-2020-14401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14401"
    }
  ],
  "initial_release_date": "2021-12-15T00:00:00",
  "last_revision_date": "2021-12-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-949",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-620288 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-133772 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-133772.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-199605 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-199605.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-595101 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-496292 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-496292.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-400332 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-400332.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-463116 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-523250 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523250.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-352143 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-390195 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-396621 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-802578 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-160202 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-161331 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-161331.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-114589 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
    }
  ]
}

GHSA-F7MR-G388-R763

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20

Details

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-14396"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-17T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.",
  "id": "GHSA-f7mr-g388-r763",
  "modified": "2022-05-24T17:20:47Z",
  "published": "2022-05-24T17:20:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14396"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4434-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2020-36782

Vulnerability from cnvd - Published: 2020-07-07

Title

LibVNCServer代码问题漏洞（CNVD-2020-36782）

Description

LibVNCServer是一款支持在程序中实现VNC（虚拟网络计算）服务器或客户端功能的跨平台C语言库。 LibVNCServer 0.9.13之前版本中的libvncclient/tls_openssl.c文件存在代码问题漏洞。远程攻击者可利用该漏洞导致应用程序崩溃。

Severity

中

Patch Name

LibVNCServer代码问题漏洞（CNVD-2020-36782）的补丁

Patch Description

LibVNCServer是一款支持在程序中实现VNC（虚拟网络计算）服务器或客户端功能的跨平台C语言库。 LibVNCServer 0.9.13之前版本中的libvncclient/tls_openssl.c文件存在代码问题漏洞。远程攻击者可利用该漏洞导致应用程序崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-14396

Impacted products

Name
LibVNCServer LibVNCServer <0.9.13

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-14396"
    }
  },
  "description": "LibVNCServer\u662f\u4e00\u6b3e\u652f\u6301\u5728\u7a0b\u5e8f\u4e2d\u5b9e\u73b0VNC\uff08\u865a\u62df\u7f51\u7edc\u8ba1\u7b97\uff09\u670d\u52a1\u5668\u6216\u5ba2\u6237\u7aef\u529f\u80fd\u7684\u8de8\u5e73\u53f0C\u8bed\u8a00\u5e93\u3002\n\nLibVNCServer 0.9.13\u4e4b\u524d\u7248\u672c\u4e2d\u7684libvncclient/tls_openssl.c\u6587\u4ef6\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-36782",
  "openTime": "2020-07-07",
  "patchDescription": "LibVNCServer\u662f\u4e00\u6b3e\u652f\u6301\u5728\u7a0b\u5e8f\u4e2d\u5b9e\u73b0VNC\uff08\u865a\u62df\u7f51\u7edc\u8ba1\u7b97\uff09\u670d\u52a1\u5668\u6216\u5ba2\u6237\u7aef\u529f\u80fd\u7684\u8de8\u5e73\u53f0C\u8bed\u8a00\u5e93\u3002\r\n\r\nLibVNCServer 0.9.13\u4e4b\u524d\u7248\u672c\u4e2d\u7684libvncclient/tls_openssl.c\u6587\u4ef6\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "LibVNCServer\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2020-36782\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "LibVNCServer LibVNCServer \u003c0.9.13"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-14396",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-18",
  "title": "LibVNCServer\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2020-36782\uff09"
}

FKIE_CVE-2020-14396

Vulnerability from fkie_nvd - Published: 2020-06-17 16:15 - Updated: 2024-11-21 05:03

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.

References

URL	Tags
cve@mitre.org	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Patch, Third Party Advisory
cve@mitre.org	https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553	Patch, Third Party Advisory
cve@mitre.org	https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13	Release Notes, Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4434-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4434-1/	Third Party Advisory

Impacted products

Vendor	Product	Version
libvnc_project	libvncserver	*
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
canonical	ubuntu_linux	20.04
debian	debian_linux	8.0
debian	debian_linux	9.0
siemens	simatic_itc1500_firmware	*
siemens	simatic_itc1500	-
siemens	simatic_itc1500_pro_firmware	*
siemens	simatic_itc1500_pro	-
siemens	simatic_itc1900_firmware	*
siemens	simatic_itc1900	-
siemens	simatic_itc1900_pro_firmware	*
siemens	simatic_itc1900_pro	-
siemens	simatic_itc2200_firmware	*
siemens	simatic_itc2200	-
siemens	simatic_itc2200_pro_firmware	*
siemens	simatic_itc2200_pro	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A03A7282-D445-4E26-98A0-6A1597838D35",
              "versionEndIncluding": "0.9.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A664216-EEA0-423F-8E11-59C746FDEEFE",
              "versionEndExcluding": "3.2.1.0",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9596C8CD-B03F-4E9D-82AB-0986FDD1B47C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD78291E-48D8-4718-AE14-BDF93BD557D7",
              "versionEndExcluding": "3.2.1.0",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BB898D3-07A3-42A1-8F1B-53C3B005982D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1209DE-2724-493D-8276-1BE959BFE6BF",
              "versionEndExcluding": "3.2.1.0",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A9143A6-A93A-45CA-8A1F-6EE30647B54A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92F7FC17-F19F-4BD6-9704-49B67D22B532",
              "versionEndExcluding": "3.2.1.0",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D34BD13-4E71-48A2-851D-AE7CE2A03C28",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4A6F13-385B-4A13-B8D8-3BBC4E9D5B67",
              "versionEndExcluding": "3.2.1.0",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E63E423-7450-4043-B33B-3FFF5BBE1CB2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A51CA4-1A62-47BC-99A3-4DC9F3986FF5",
              "versionEndExcluding": "3.2.1.0",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD278558-AB0E-4FC1-9E5B-6B57D29CB86A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncclient/tls_openssl.c presenta una desreferencia del puntero NULL"
    }
  ],
  "id": "CVE-2020-14396",
  "lastModified": "2024-11-21T05:03:10.293",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-17T16:15:11.697",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4434-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4434-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-14396 (GCVE-0-2020-14396)

CVE-2020-14396

GSD-2020-14396

CERTFR-2021-AVI-949

Solution

GHSA-F7MR-G388-R763

CNVD-2020-36782

FKIE_CVE-2020-14396

Tags

Sightings

Nomenclature