updates 2025-11-13

Signed-off-by: Weston Steimel <[email protected]>

Author: westonsteimel

data/2025/14/ANCHORE-2025-14643.toml

@@ -0,0 +1,55 @@
+[schema]
+version = "0.1.0"
+
+[snapshot]
+captured = 2025-11-13T16:22:46.598026Z
+  [[snapshot.cve5]]
+  id = "CVE-2025-31933"
+  published = 2025-04-15T20:17:05.854000Z
+  reserved = 2025-04-01T17:44:07.318000Z
+  updated = 2025-04-16T15:10:38.283000Z
+
+    [snapshot.cve5.digest]
+    xxh128 = "3e60fd753e23fe8c25dcbc5cf0fa182a"
+
+    [snapshot.cve5.overview]
+    urls = ["https://nvd.nist.gov/vuln/detail/CVE-2025-31933"]
+    cna = "icscert"
+    description = """An unauthenticated attacker can check the existence of usernames in the system by querying an API."""
+    references = [
+      "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
+    ]
+    remediations = [
+      "Growatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\n\n  *  Update all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\n  *  Use strong passwords and enable multi-factor authentication where applicable.\n  *  Report any security concerns to [email protected].\n  *  Stay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity.",
+    ]
+  [[snapshot.nvd]]
+  id = "CVE-2025-31933"
+  published = 2025-04-15T21:16:04.063000
+  updated = 2025-04-16T13:25:37.340000
+
+
+[curator]
+converted_from_cve5 = true
+
+[vuln]
+id = "ANCHORE-2025-14643"
+
+  [[vuln.providers.nvd]]
+  id = "CVE-2025-31933"
+
+    [vuln.providers.nvd.enrichment]
+    reason = "Added CPE configurations because not yet analyzed by NVD."
+
+    [[vuln.providers.nvd.products.override.cve5]]
+    vendor = "Growatt"
+    product = "Cloud portal"
+      [[vuln.providers.nvd.products.override.cve5.cpe]]
+      vendor = "growatt"
+      product = "cloud_portal"
+      [[vuln.providers.nvd.products.override.cve5.affected]]
+        [vuln.providers.nvd.products.override.cve5.affected.version]
+        scheme = "custom"
+        greater_than_or_equal = "0"
+        less_than = "3.6.0"
+        [[vuln.providers.nvd.products.override.cve5.affected.remediation]]
+        version = "3.6.0"

data/2025/14/ANCHORE-2025-14644.toml

@@ -0,0 +1,53 @@
+[schema]
+version = "0.1.0"
+
+[snapshot]
+captured = 2025-11-13T16:22:46.697829Z
+  [[snapshot.cve5]]
+  id = "CVE-2025-31949"
+  published = 2025-04-15T20:19:24.914000Z
+  reserved = 2025-04-01T17:44:07.313000Z
+  updated = 2025-04-15T20:34:48.685000Z
+
+    [snapshot.cve5.digest]
+    xxh128 = "fabd8b4e5907efebef343154603765e8"
+
+    [snapshot.cve5.overview]
+    urls = ["https://nvd.nist.gov/vuln/detail/CVE-2025-31949"]
+    cna = "icscert"
+    description = """An authenticated attacker can obtain any plant name by knowing the plant ID."""
+    references = [
+      "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
+    ]
+    remediations = [
+      "Growatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\n\n  *  Update all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\n  *  Use strong passwords and enable multi-factor authentication where applicable.\n  *  Report any security concerns to [email protected].\n  *  Stay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity.",
+    ]
+  [[snapshot.nvd]]
+  id = "CVE-2025-31949"
+  published = 2025-04-15T21:16:04.337000
+  updated = 2025-04-16T13:25:37.340000
+
+
+[curator]
+converted_from_cve5 = true
+
+[vuln]
+id = "ANCHORE-2025-14644"
+
+  [[vuln.providers.nvd]]
+  id = "CVE-2025-31949"
+
+    [vuln.providers.nvd.enrichment]
+    reason = "Added CPE configurations because not yet analyzed by NVD."
+
+    [[vuln.providers.nvd.products.override.cve5]]
+    vendor = "Growatt"
+    product = "Cloud portal"
+      [[vuln.providers.nvd.products.override.cve5.cpe]]
+      vendor = "growatt"
+      product = "cloud_portal"
+      [[vuln.providers.nvd.products.override.cve5.affected]]
+        [vuln.providers.nvd.products.override.cve5.affected.version]
+        scheme = "custom"
+        greater_than_or_equal = "0"
+        less_than_or_equal = "3.6.0"

data/2025/14/ANCHORE-2025-14646.toml

@@ -0,0 +1,53 @@
+[schema]
+version = "0.1.0"
+
+[snapshot]
+captured = 2025-11-13T16:22:46.412926Z
+  [[snapshot.cve5]]
+  id = "CVE-2025-31357"
+  published = 2025-04-15T20:21:34.076000Z
+  reserved = 2025-04-01T17:44:07.303000Z
+  updated = 2025-04-16T15:10:30.625000Z
+
+    [snapshot.cve5.digest]
+    xxh128 = "fabd8b4e5907efebef343154603765e8"
+
+    [snapshot.cve5.overview]
+    urls = ["https://nvd.nist.gov/vuln/detail/CVE-2025-31357"]
+    cna = "icscert"
+    description = """An unauthenticated attacker can obtain a user's plant list by knowing the username."""
+    references = [
+      "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
+    ]
+    remediations = [
+      "Growatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\n\n  *  Update all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\n  *  Use strong passwords and enable multi-factor authentication where applicable.\n  *  Report any security concerns to [email protected].\n  *  Stay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity.",
+    ]
+  [[snapshot.nvd]]
+  id = "CVE-2025-31357"
+  published = 2025-04-15T21:16:03.737000
+  updated = 2025-04-16T13:25:37.340000
+
+
+[curator]
+converted_from_cve5 = true
+
+[vuln]
+id = "ANCHORE-2025-14646"
+
+  [[vuln.providers.nvd]]
+  id = "CVE-2025-31357"
+
+    [vuln.providers.nvd.enrichment]
+    reason = "Added CPE configurations because not yet analyzed by NVD."
+
+    [[vuln.providers.nvd.products.override.cve5]]
+    vendor = "Growatt"
+    product = "Cloud portal"
+      [[vuln.providers.nvd.products.override.cve5.cpe]]
+      vendor = "growatt"
+      product = "cloud_portal"
+      [[vuln.providers.nvd.products.override.cve5.affected]]
+        [vuln.providers.nvd.products.override.cve5.affected.version]
+        scheme = "custom"
+        greater_than_or_equal = "0"
+        less_than_or_equal = "3.6.0"

data/2025/14/ANCHORE-2025-14647.toml

@@ -0,0 +1,55 @@
+[schema]
+version = "0.1.0"
+
+[snapshot]
+captured = 2025-11-13T16:22:46.005638Z
+  [[snapshot.cve5]]
+  id = "CVE-2025-31941"
+  published = 2025-04-15T20:28:53.866000Z
+  reserved = 2025-04-01T17:44:07.295000Z
+  updated = 2025-04-16T15:10:22.745000Z
+
+    [snapshot.cve5.digest]
+    xxh128 = "3e60fd753e23fe8c25dcbc5cf0fa182a"
+
+    [snapshot.cve5.overview]
+    urls = ["https://nvd.nist.gov/vuln/detail/CVE-2025-31941"]
+    cna = "icscert"
+    description = """An unauthenticated attacker can obtain a list of smart devices by knowing a valid username."""
+    references = [
+      "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
+    ]
+    remediations = [
+      "Growatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\n\n  *  Update all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\n  *  Use strong passwords and enable multi-factor authentication where applicable.\n  *  Report any security concerns to [email protected].\n  *  Stay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity.",
+    ]
+  [[snapshot.nvd]]
+  id = "CVE-2025-31941"
+  published = 2025-04-15T21:16:04.200000
+  updated = 2025-04-16T13:25:37.340000
+
+
+[curator]
+converted_from_cve5 = true
+
+[vuln]
+id = "ANCHORE-2025-14647"
+
+  [[vuln.providers.nvd]]
+  id = "CVE-2025-31941"
+
+    [vuln.providers.nvd.enrichment]
+    reason = "Added CPE configurations because not yet analyzed by NVD."
+
+    [[vuln.providers.nvd.products.override.cve5]]
+    vendor = "Growatt"
+    product = "Cloud portal"
+      [[vuln.providers.nvd.products.override.cve5.cpe]]
+      vendor = "growatt"
+      product = "cloud_portal"
+      [[vuln.providers.nvd.products.override.cve5.affected]]
+        [vuln.providers.nvd.products.override.cve5.affected.version]
+        scheme = "custom"
+        greater_than_or_equal = "0"
+        less_than = "3.6.0"
+        [[vuln.providers.nvd.products.override.cve5.affected.remediation]]
+        version = "3.6.0"

data/2025/14/ANCHORE-2025-14737.toml

@@ -0,0 +1,55 @@
+[schema]
+version = "0.1.0"
+
+[snapshot]
+captured = 2025-11-13T16:23:07.246909Z
+  [[snapshot.cve5]]
+  id = "CVE-2025-27719"
+  published = 2025-04-15T21:09:29.425000Z
+  reserved = 2025-04-01T17:32:00.733000Z
+  updated = 2025-04-16T15:08:56.430000Z
+
+    [snapshot.cve5.digest]
+    xxh128 = "3e60fd753e23fe8c25dcbc5cf0fa182a"
+
+    [snapshot.cve5.overview]
+    urls = ["https://nvd.nist.gov/vuln/detail/CVE-2025-27719"]
+    cna = "icscert"
+    description = """Unauthenticated attackers can query an API endpoint and get device details."""
+    references = [
+      "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
+    ]
+    remediations = [
+      "Growatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\n\n  *  Update all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\n  *  Use strong passwords and enable multi-factor authentication where applicable.\n  *  Report any security concerns to [email protected].\n  *  Stay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity.",
+    ]
+  [[snapshot.nvd]]
+  id = "CVE-2025-27719"
+  published = 2025-04-15T22:15:25.427000
+  updated = 2025-04-16T13:25:37.340000
+
+
+[curator]
+converted_from_cve5 = true
+
+[vuln]
+id = "ANCHORE-2025-14737"
+
+  [[vuln.providers.nvd]]
+  id = "CVE-2025-27719"
+
+    [vuln.providers.nvd.enrichment]
+    reason = "Added CPE configurations because not yet analyzed by NVD."
+
+    [[vuln.providers.nvd.products.override.cve5]]
+    vendor = "Growatt"
+    product = "Cloud portal"
+      [[vuln.providers.nvd.products.override.cve5.cpe]]
+      vendor = "growatt"
+      product = "cloud_portal"
+      [[vuln.providers.nvd.products.override.cve5.affected]]
+        [vuln.providers.nvd.products.override.cve5.affected.version]
+        scheme = "custom"
+        greater_than_or_equal = "0"
+        less_than = "3.6.0"
+        [[vuln.providers.nvd.products.override.cve5.affected.remediation]]
+        version = "3.6.0"

data/2025/14/ANCHORE-2025-14738.toml

@@ -0,0 +1,55 @@
+[schema]
+version = "0.1.0"
+
+[snapshot]
+captured = 2025-11-13T16:23:10.739784Z
+  [[snapshot.cve5]]
+  id = "CVE-2025-26857"
+  published = 2025-04-15T21:12:13.452000Z
+  reserved = 2025-04-01T17:32:00.724000Z
+  updated = 2025-04-16T15:08:48.134000Z
+
+    [snapshot.cve5.digest]
+    xxh128 = "3e60fd753e23fe8c25dcbc5cf0fa182a"
+
+    [snapshot.cve5.overview]
+    urls = ["https://nvd.nist.gov/vuln/detail/CVE-2025-26857"]
+    cna = "icscert"
+    description = """Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers)."""
+    references = [
+      "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
+    ]
+    remediations = [
+      "Growatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\n\n  *  Update all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\n  *  Use strong passwords and enable multi-factor authentication where applicable.\n  *  Report any security concerns to [email protected].\n  *  Stay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity.",
+    ]
+  [[snapshot.nvd]]
+  id = "CVE-2025-26857"
+  published = 2025-04-15T22:15:17.360000
+  updated = 2025-04-16T13:25:37.340000
+
+
+[curator]
+converted_from_cve5 = true
+
+[vuln]
+id = "ANCHORE-2025-14738"
+
+  [[vuln.providers.nvd]]
+  id = "CVE-2025-26857"
+
+    [vuln.providers.nvd.enrichment]
+    reason = "Added CPE configurations because not yet analyzed by NVD."
+
+    [[vuln.providers.nvd.products.override.cve5]]
+    vendor = "Growatt"
+    product = "Cloud portal"
+      [[vuln.providers.nvd.products.override.cve5.cpe]]
+      vendor = "growatt"
+      product = "cloud_portal"
+      [[vuln.providers.nvd.products.override.cve5.affected]]
+        [vuln.providers.nvd.products.override.cve5.affected.version]
+        scheme = "custom"
+        greater_than_or_equal = "0"
+        less_than = "3.6.0"
+        [[vuln.providers.nvd.products.override.cve5.affected.remediation]]
+        version = "3.6.0"

data/2025/14/ANCHORE-2025-14741.toml

@@ -0,0 +1,55 @@
+[schema]
+version = "0.1.0"
+
+[snapshot]
+captured = 2025-11-13T16:23:07.249961Z
+  [[snapshot.cve5]]
+  id = "CVE-2025-27575"
+  published = 2025-04-15T21:18:15.913000Z
+  reserved = 2025-04-01T17:32:00.691000Z
+  updated = 2025-04-16T15:08:19.282000Z
+
+    [snapshot.cve5.digest]
+    xxh128 = "3e60fd753e23fe8c25dcbc5cf0fa182a"
+
+    [snapshot.cve5.overview]
+    urls = ["https://nvd.nist.gov/vuln/detail/CVE-2025-27575"]
+    cna = "icscert"
+    description = """An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID."""
+    references = [
+      "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
+    ]
+    remediations = [
+      "Growatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\n\n  *  Update all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\n  *  Use strong passwords and enable multi-factor authentication where applicable.\n  *  Report any security concerns to [email protected].\n  *  Stay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity.",
+    ]
+  [[snapshot.nvd]]
+  id = "CVE-2025-27575"
+  published = 2025-04-15T22:15:20.013000
+  updated = 2025-04-16T13:25:37.340000
+
+
+[curator]
+converted_from_cve5 = true
+
+[vuln]
+id = "ANCHORE-2025-14741"
+
+  [[vuln.providers.nvd]]
+  id = "CVE-2025-27575"
+
+    [vuln.providers.nvd.enrichment]
+    reason = "Added CPE configurations because not yet analyzed by NVD."
+
+    [[vuln.providers.nvd.products.override.cve5]]
+    vendor = "Growatt"
+    product = "Cloud portal"
+      [[vuln.providers.nvd.products.override.cve5.cpe]]
+      vendor = "growatt"
+      product = "cloud_portal"
+      [[vuln.providers.nvd.products.override.cve5.affected]]
+        [vuln.providers.nvd.products.override.cve5.affected.version]
+        scheme = "custom"
+        greater_than_or_equal = "0"
+        less_than = "3.6.0"
+        [[vuln.providers.nvd.products.override.cve5.affected.remediation]]
+        version = "3.6.0"