Search criteria

3 vulnerabilities found for Packet Core Gateway (PCG) by Ericsson

CVE-2026-25659 (GCVE-0-2026-25659)

Vulnerability from cvelistv5 – Published: 2026-06-05 11:08 – Updated: 2026-06-05 20:11
VLAI?
Title
Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability
Summary
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
CWE
  • CWE-230 - Improper handling of missing values
Assigner
Impacted products
Vendor Product Version
Ericsson Packet Core Gateway (PCG) Affected: 0 , < 1.30 (1.30)
Create a notification for this product.
Credits
Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T20:11:16.225932Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T20:11:23.341Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Packet Core Gateway (PCG)",
          "vendor": "Ericsson",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.30",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.30",
              "status": "affected",
              "version": "0",
              "versionType": "1.30"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eEricsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u0026nbsp;\u003cspan\u003eThe impact continues as long the attack persists but the system recovers from the crashes when the attack stops.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "Ericsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u00a0The impact continues as long the attack persists but the system recovers from the crashes when the attack stops."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-230",
              "description": "CWE-230 Improper handling of missing values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T11:08:39.929Z",
        "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "shortName": "ERIC"
      },
      "references": [
        {
          "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25659"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
    "assignerShortName": "ERIC",
    "cveId": "CVE-2026-25659",
    "datePublished": "2026-06-05T11:08:39.929Z",
    "dateReserved": "2026-02-04T12:41:54.869Z",
    "dateUpdated": "2026-06-05T20:11:23.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25658 (GCVE-0-2026-25658)

Vulnerability from cvelistv5 – Published: 2026-06-05 11:06 – Updated: 2026-06-05 20:11
VLAI?
Title
Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability
Summary
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
CWE
  • CWE-230 - Improper handling of missing values
Assigner
Impacted products
Vendor Product Version
Ericsson Packet Core Gateway (PCG) Affected: 0 , < 1.30 (1.30)
Create a notification for this product.
Credits
Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25658",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T20:11:36.044286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T20:11:42.365Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Packet Core Gateway (PCG)",
          "vendor": "Ericsson",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.30",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.30",
              "status": "affected",
              "version": "0",
              "versionType": "1.30"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eEricsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u0026nbsp;\u003cspan\u003eThe impact continues as long the attack persists but the system recovers from the crashes when the attack stops.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "Ericsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u00a0The impact continues as long the attack persists but the system recovers from the crashes when the attack stops."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-230",
              "description": "CWE-230 Improper handling of missing values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T11:06:27.504Z",
        "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "shortName": "ERIC"
      },
      "references": [
        {
          "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25658"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
    "assignerShortName": "ERIC",
    "cveId": "CVE-2026-25658",
    "datePublished": "2026-06-05T11:06:27.504Z",
    "dateReserved": "2026-02-04T12:41:54.869Z",
    "dateUpdated": "2026-06-05T20:11:42.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25657 (GCVE-0-2026-25657)

Vulnerability from cvelistv5 – Published: 2026-06-05 11:03 – Updated: 2026-06-05 20:11
VLAI?
Title
Ericsson Packet Core Gateway (PCG) - Improper Handling of Syntactically Invalid Structure Vulnerability
Summary
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
CWE
Assigner
Impacted products
Vendor Product Version
Ericsson Packet Core Gateway (PCG) Affected: 0 , < 1.30 (1.30)
Create a notification for this product.
Credits
Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25657",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T20:11:51.419993Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T20:11:57.051Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Packet Core Gateway (PCG)",
          "vendor": "Ericsson",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.30",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.30",
              "status": "affected",
              "version": "0",
              "versionType": "1.30"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eEricsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.\u003c/p\u003e"
            }
          ],
          "value": "Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-228",
              "description": "CWE-228",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T11:03:02.273Z",
        "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "shortName": "ERIC"
      },
      "references": [
        {
          "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25657"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Ericsson Packet Core Gateway (PCG) - Improper Handling of Syntactically Invalid Structure Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
    "assignerShortName": "ERIC",
    "cveId": "CVE-2026-25657",
    "datePublished": "2026-06-05T11:03:02.273Z",
    "dateReserved": "2026-02-04T12:41:54.869Z",
    "dateUpdated": "2026-06-05T20:11:57.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}