From e5cea3869f94c5c8caf3d9f1056733c34d874133 Mon Sep 17 00:00:00 2001
From: Brendan McDevitt <brendan@mcdevitt.tech>
Date: Sat, 21 May 2022 10:02:42 -0500
Subject: [PATCH] added cert@vde captured data potential from advisory example

---
 .../cnas_with_html_advisories.md              | 65 +++++++++++++++++++
 1 file changed, 65 insertions(+)

diff --git a/doc/cna_readme_notes/cnas_with_html_advisories.md b/doc/cna_readme_notes/cnas_with_html_advisories.md
index b250905..7f9f444 100644
--- a/doc/cna_readme_notes/cnas_with_html_advisories.md
+++ b/doc/cna_readme_notes/cnas_with_html_advisories.md
@@ -421,6 +421,71 @@ https://vuls.cert.org/confluence/display/VIN/Vulnerability+Note+Help This page g
 ### Advisory
 https://cert.vde.com/en/advisories/
 #### Captured Data Potential From Advisory
+```
+{
+  :bulletin_id => 'VDE-2022-021',
+  :published => '2022-05-16 14:00 (CEST)',
+  :last_update => '2022-05-16 16:16 (CEST)',
+  :vendors => [' Pepperl+Fuchs SE'],
+  :products => [
+    {
+      :article_no => '',
+      :product_name => 'RSM-EX01B Product Family',
+      :affected_versions => [
+        'all versions'
+      ]
+    }
+  ],
+  :summary => 'Critical vulnerabilities have been discovered in the utilized Bluetooth component. For more information see: https://kb.cert.org/vuls/id/799380 external link',
+  :vulnerabilities => [
+    {
+      :cve_id => 'CVE-2020-26559',
+      :severity => '8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)',
+      :weakness => 'Incorrect Authorization (CWE-863)',
+      :summary => 'Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public ...',
+      :source => 'https://nvd.nist.gov/vuln/detail/CVE-2020-26559'
+    },
+    {
+      :cve_id => 'CVE-2020-26560',
+      :severity => '8.1 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)',
+      :weakness => 'Incorrect Authorization (CWE-863)',
+      :summary => 'Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, ...',
+      :source => 'https://nvd.nist.gov/vuln/detail/CVE-2020-26560'
+   },
+   {
+     :cve_id => 'CVE-2020-26556',
+     :severity => '7.5 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)',
+     :weakness => 'Improper Restriction of Excessive Authentication Attempts (CWE-307)',
+     :summary => 'Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning ...',
+     :source => 'https://nvd.nist.gov/vuln/detail/CVE-2020-26556'
+   },
+   {
+     :cve_id => 'CVE-2020-26557',
+     :severity => '7.5 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)',
+     :weakness => 'Incorrect Authorization (CWE-863)',
+     :summary => 'Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via ...',
+     :source => 'https://nvd.nist.gov/vuln/detail/CVE-2020-26557'
+   },
+   {
+     :cve_id => 'CVE-2020-26555',
+     :severity => '5.4 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)',
+     :weakness => 'Incorrect Authorization (CWE-863)',
+     :summary => 'Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing ...',
+     :source => 'https://nvd.nist.gov/vuln/detail/CVE-2020-26555'
+   },
+   {
+     :cve_id => 'CVE-2020-26558',
+     :severity => '4.2 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)',
+     :weakness => 'Improper Authentication (CWE-287)',
+     :summary => 'Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication ...',
+     :source => 'https://nvd.nist.gov/vuln/detail/CVE-2020-26558'
+   }
+  ],
+  :impact => 'Pepperl+Fuchs analyzed and identified affected devices. An unauthorized attacker could gain access to the audio communication and listen to the conversation via Bluetooth. This attack can only be carried out at close range and is limited by the radio range of Bluetooth. The impact of the vulnerabilities on the affected device may result in information disclosure',
+  :solution => 'The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active. This can be used to detect an unauthenticated connection.',
+  :reported_by => 'Pepperl+Fuchs Coordinated by CERT@VDE'
+}
+```
 
 ## Checkpoint
 ### Advisory