{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-01T19:30:42.678","vulnerabilities":[{"cve":{"id":"CVE-2025-2884","sourceIdentifier":"cret@cert.org","published":"2025-06-10T18:15:30.617","lastModified":"2026-06-17T09:07:47.560","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0"},{"lang":"es","value":"La función auxiliar CryptHmacSign de la implementación de referencia TCG TPM2.0 es vulnerable a lecturas fuera de los límites debido a la falta de validación del esquema de firma con el algoritmo de la clave de firma. Consulte la errata 1.83 del estándar TCG TPM2.0."}],"affected":[{"source":"cret@cert.org","affectedData":[{"vendor":"Trusted Computing Group","product":"TPM2.0","versions":[{"version":"0","lessThan":"1.83","versionType":"custom","status":"affected"}]}]},{"source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","affectedData":[{"vendor":"Siemens","product":"SIMATIC CN 4100","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC Field PG M5","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC Field PG M6","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC BX-32A","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V29.01.09","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC BX-39A","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V29.01.09","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC BX-56A","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V32.01.09","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC BX-59A","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V32.01.09","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC MD-57A","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V30.01.10","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC PX-32A","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V29.01.09","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC PX-39A","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V29.01.09","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC PX-39A PRO","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V29.01.09","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC RW-528A","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V34.01.02","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC RW-548A","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V34.01.02","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC227E","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC277E","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC427E","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V21.01.20","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC477E","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V21.01.20","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC477E PRO","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V21.01.20","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC627E","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC647E","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC677E","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC IPC847E","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC ITP1000","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIPLUS IPC427E","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V21.01.20","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-13T01:41:10.489446Z","id":"CVE-2025-2884","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1","source":"cret@cert.org"},{"url":"https://trustedcomputinggroup.org/about/security/","source":"cret@cert.org"},{"url":"https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf","source":"cret@cert.org"},{"url":"https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf","source":"cret@cert.org"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-49133","source":"cret@cert.org"},{"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/282450","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-628843.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}}]}