Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-24012

Summary
Assigner-INCIBE
Assigner Org ID-0cbda920-cd7f-484a-8e76-bf7f4b7f4516
Published At-09 Jan, 2025 | 14:36
Updated At-09 Jan, 2025 | 20:05
Rejected At-
Credits

Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Open DDS

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:INCIBE
Assigner Org ID:0cbda920-cd7f-484a-8e76-bf7f4b7f4516
Published At:09 Jan, 2025 | 14:36
Updated At:09 Jan, 2025 | 20:05
Rejected At:
▼CVE Numbering Authority (CNA)
Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Open DDS

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.

Affected Products
Vendor
OpenDDS
Product
DDS
Package Name
sros2
Default Status
unaffected
Versions
Affected
  • all versions
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Instead of including the Permission CA into the store of trusted certificates to use for chain verification, the Permission CA (and only the Permission CA) should be included in the set of certificates in which to search for signer's certificates. The store of trusted certificates to use for chain verification should then also be set to null. 2) With the store of trusted certificates to use for chain verification set to null, the PKCS7_NOVERIFY flag should then be enabled so any signer's certificates (i.e. only the Permission CA) is not chain verified. 3) Given that only a valid signer's certificate must be the Permission CA, the PKCS7_NOINTERN flag should then be enabled so any set of certificates in the message itself are not searched when locating the signer's certificates.

Configurations
Workarounds
Exploits
Credits
finder
amrc-benmorrow
finder
Gianluca Caizza
finder
Ruffin White
finder
Victor Mayoral Vilches
finder
Mikael Arguedas
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ros2/sros2/issues/282
N/A
https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80d
N/A
Hyperlink: https://github.com/ros2/sros2/issues/282
Resource: N/A
Hyperlink: https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80d
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80d
exploit
Hyperlink: https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80d
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve-coordination@incibe.es
Published At:09 Jan, 2025 | 15:15
Updated At:09 Jan, 2025 | 16:15

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-200Secondarycve-coordination@incibe.es
CWE ID: CWE-200
Type: Secondary
Source: cve-coordination@incibe.es
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80dcve-coordination@incibe.es
N/A
https://github.com/ros2/sros2/issues/282cve-coordination@incibe.es
N/A
https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80d134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80d
Source: cve-coordination@incibe.es
Resource: N/A
Hyperlink: https://github.com/ros2/sros2/issues/282
Source: cve-coordination@incibe.es
Resource: N/A
Hyperlink: https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6980ff80d
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2023-24011
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.67%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 14:36
Updated-09 Jan, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Cyclone DDS

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.

Action-Not Available
Vendor-ZettaScale
Product-DDS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-24010
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.67%
||
7 Day CHG+0.02%
Published-09 Jan, 2025 | 14:36
Updated-09 Jan, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Data Distribution Service (DDS) Chain of Trust (CoT) violation in Fast DDS

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.

Action-Not Available
Vendor-eProsima
Product-DDS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-6506
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.2||HIGH
EPSS-0.35% / 56.97%
||
7 Day CHG~0.00%
Published-04 Jul, 2024 | 12:52
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information exposure vulnerability in the MRW plug-in

Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrw_log" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also allows an attacker to create or overwrite shipping labels.

Action-Not Available
Vendor-MRWmrw
Product-MRW pluginmrw
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Details not found