[ { "advisoryKey": "BDU:2025-01001", "affectedPackages": [ { "type": "ics-vendor", "identifier": "SampleVendor SampleGateway", "platform": "Energy, ICS", "versionRanges": [ { "fixedVersion": null, "introducedVersion": "2.0", "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": false, "nevra": null, "semVer": { "constraintExpression": ">= 2.0", "exactValue": null, "fixed": null, "fixedInclusive": false, "introduced": "2.0", "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": false, "style": "greaterThanOrEqual" }, "vendorExtensions": null }, "provenance": { "source": "ru-nkcki", "kind": "package-range", "value": "SampleVendor SampleGateway >= 2.0 All platforms", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": ">= 2.0", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "gte", "min": "2.0", "minInclusive": true, "max": null, "maxInclusive": null, "value": null, "notes": "SampleVendor SampleGateway >= 2.0 All platforms" } ], "statuses": [ { "provenance": { "source": "ru-nkcki", "kind": "package-status", "value": "patch_available", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "fixed" } ], "provenance": [ { "source": "ru-nkcki", "kind": "package", "value": "SampleVendor SampleGateway >= 2.0 All platforms", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "affectedpackages[]" ] } ] }, { "type": "ics-vendor", "identifier": "SampleVendor SampleSCADA", "platform": "Energy, ICS", "versionRanges": [ { "fixedVersion": null, "introducedVersion": null, "lastAffectedVersion": "4.2", "primitives": { "evr": null, "hasVendorExtensions": false, "nevra": null, "semVer": { "constraintExpression": "<= 4.2", "exactValue": null, "fixed": null, "fixedInclusive": false, "introduced": null, "introducedInclusive": true, "lastAffected": "4.2", "lastAffectedInclusive": true, "style": "lessThanOrEqual" }, "vendorExtensions": null }, "provenance": { "source": "ru-nkcki", "kind": "package-range", "value": "SampleVendor SampleSCADA <= 4.2", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": "<= 4.2", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "lte", "min": null, "minInclusive": null, "max": "4.2", "maxInclusive": true, "value": null, "notes": "SampleVendor SampleSCADA <= 4.2" } ], "statuses": [ { "provenance": { "source": "ru-nkcki", "kind": "package-status", "value": "patch_available", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "fixed" } ], "provenance": [ { "source": "ru-nkcki", "kind": "package", "value": "SampleVendor SampleSCADA <= 4.2", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "affectedpackages[]" ] } ] } ], "aliases": [ "BDU:2025-01001", "CVE-2025-0101" ], "credits": [], "cvssMetrics": [ { "baseScore": 8.5, "baseSeverity": "high", "provenance": { "source": "ru-nkcki", "kind": "cvss", "value": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "cvssmetrics[]" ] }, "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "baseScore": 6.4, "baseSeverity": "medium", "provenance": { "source": "ru-nkcki", "kind": "cvss", "value": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "cvssmetrics[]" ] }, "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H", "version": "4.0" } ], "exploitKnown": true, "language": "ru", "modified": "2025-09-22T00:00:00+00:00", "provenance": [ { "source": "ru-nkcki", "kind": "advisory", "value": "BDU:2025-01001", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "advisory" ] } ], "published": "2025-09-20T00:00:00+00:00", "references": [ { "kind": "details", "provenance": { "source": "ru-nkcki", "kind": "reference", "value": "https://bdu.fstec.ru/vul/2025-01001", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "references[]" ] }, "sourceTag": "bdu", "summary": null, "url": "https://bdu.fstec.ru/vul/2025-01001" }, { "kind": "details", "provenance": { "source": "ru-nkcki", "kind": "reference", "value": "https://cert.gov.ru/materialy/uyazvimosti/2025-01001", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "references[]" ] }, "sourceTag": "ru-nkcki", "summary": null, "url": "https://cert.gov.ru/materialy/uyazvimosti/2025-01001" }, { "kind": "cwe", "provenance": { "source": "ru-nkcki", "kind": "reference", "value": "https://cwe.mitre.org/data/definitions/321.html", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "references[]" ] }, "sourceTag": "cwe", "summary": "Use of Hard-coded Cryptographic Key", "url": "https://cwe.mitre.org/data/definitions/321.html" }, { "kind": "external", "provenance": { "source": "ru-nkcki", "kind": "reference", "value": "https://vendor.example/advisories/sample-scada", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "references[]" ] }, "sourceTag": null, "summary": null, "url": "https://vendor.example/advisories/sample-scada" } ], "severity": "critical", "summary": "Authenticated RCE in Sample SCADA", "title": "Authenticated RCE in Sample SCADA" }, { "advisoryKey": "BDU:2024-00011", "affectedPackages": [ { "type": "cpe", "identifier": "LegacyPanel", "platform": "Software", "versionRanges": [ { "fixedVersion": null, "introducedVersion": null, "lastAffectedVersion": "2.5", "primitives": { "evr": null, "hasVendorExtensions": false, "nevra": null, "semVer": { "constraintExpression": "<= 2.5", "exactValue": null, "fixed": null, "fixedInclusive": false, "introduced": null, "introducedInclusive": true, "lastAffected": "2.5", "lastAffectedInclusive": true, "style": "lessThanOrEqual" }, "vendorExtensions": null }, "provenance": { "source": "ru-nkcki", "kind": "package-range", "value": "LegacyPanel 1.0 - 2.5", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": "<= 2.5", "rangeKind": "semver" }, { "fixedVersion": null, "introducedVersion": "1.0", "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": false, "nevra": null, "semVer": { "constraintExpression": ">= 1.0", "exactValue": null, "fixed": null, "fixedInclusive": false, "introduced": "1.0", "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": false, "style": "greaterThanOrEqual" }, "vendorExtensions": null }, "provenance": { "source": "ru-nkcki", "kind": "package-range", "value": "LegacyPanel 1.0 - 2.5", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": ">= 1.0", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "gte", "min": "1.0", "minInclusive": true, "max": null, "maxInclusive": null, "value": null, "notes": "LegacyPanel 1.0 - 2.5" }, { "scheme": "semver", "type": "lte", "min": null, "minInclusive": null, "max": "2.5", "maxInclusive": true, "value": null, "notes": "LegacyPanel 1.0 - 2.5" } ], "statuses": [ { "provenance": { "source": "ru-nkcki", "kind": "package-status", "value": "affected", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "affected" } ], "provenance": [ { "source": "ru-nkcki", "kind": "package", "value": "LegacyPanel 1.0 - 2.5", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "affectedpackages[]" ] } ] } ], "aliases": [ "BDU:2024-00011" ], "credits": [], "cvssMetrics": [ { "baseScore": 8.8, "baseSeverity": "high", "provenance": { "source": "ru-nkcki", "kind": "cvss", "value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "cvssmetrics[]" ] }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "exploitKnown": true, "language": "ru", "modified": "2024-08-02T00:00:00+00:00", "provenance": [ { "source": "ru-nkcki", "kind": "advisory", "value": "BDU:2024-00011", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "advisory" ] } ], "published": "2024-08-01T00:00:00+00:00", "references": [ { "kind": "details", "provenance": { "source": "ru-nkcki", "kind": "reference", "value": "https://bdu.fstec.ru/vul/2024-00011", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "references[]" ] }, "sourceTag": "bdu", "summary": null, "url": "https://bdu.fstec.ru/vul/2024-00011" }, { "kind": "details", "provenance": { "source": "ru-nkcki", "kind": "reference", "value": "https://cert.gov.ru/materialy/uyazvimosti/2024-00011", "decisionReason": null, "recordedAt": "2025-10-12T00:01:00+00:00", "fieldMask": [ "references[]" ] }, "sourceTag": "ru-nkcki", "summary": null, "url": "https://cert.gov.ru/materialy/uyazvimosti/2024-00011" } ], "severity": "high", "summary": "Legacy panel overflow", "title": "Legacy panel overflow" } ]