us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: L210-F2G Lynx Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Control of Interaction Frequency 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed or may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Westermo L210-F2G industrial ethernet switches are affected: L210-F2G Lynx: version 4.21.0 3.2 Vulnerability Overview 3.2.1 Cleartext Transmission of Sensitive Information CWE-319 Plain text credentials and session ID can be captured with a network sniffer. CVE-2024-37183 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2024-37183. A base score of 6.9 has been calculated; the CVSS v...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: RAD Data Communications Equipment: SecFlow-2 Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain files from the operating system by crafting a special request. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following RAD Data Communications products are affected: SecFlow-2: All versions 3.2 Vulnerability Overview 3.2.1 PATH TRAVERSAL: '..\FILENAME' CWE-29 RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow. CVE-2019-6268 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2019-6268. A base score of 8.7 has...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: ST7 ScadaConnect Vulnerabilities: Integer Overflow or Wraparound, Double Free, Improper Certificate Validation, Inefficient Regular Expression Complexity, Improper Check for Unusual or Exceptional Conditions, Improper Input Validation, NULL Pointer Dereference, Missing Encryption of Sensitive Data, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information, cause a denial-of-service (DoS) cond...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SITOP UPS1600 10 A Ethernet/ PROFINET (6EP4134-3AB00-2AY0), SITOP UPS1600 20 A Ethernet/ PROFINET (6EP4136-3AB00-2AY0), SITOP UPS1600 40 A Ethernet/ PROFINET (6EP4137-3AB00-2AY0), SITOP UPS1600 EX 20 A Ethernet PROFINET (6EP4136-3AC00-2AY0) Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause limited impact in the affected systems. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SITOP UPS1600, an uninterruptible power supply, are affected: SITOP UPS1600 10 A Ether...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: TIA Administrator Vulnerability: Creation of Temporary File in Directory with Insecure Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disrupt the update process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens TIA Administrator, a web-based framework, are affected: TIA Administrator: All versions prior to V3 SP2 3.2 Vulnerability Overview 3.2.1 CREATION OF TEMPORARY FILE IN DIRECTORY WITH INSECURE PERMISSIONS CWE-379 The affected component creates temporary download files in a directory wit...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Applications Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation requires to guess the identification of a target role which contains the elevated access rights. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products, are affected: Siemens Mendix Applications using Mendix 9: Versions prior to V9.24.22 and after V9.3.0 Siemens Mendix Applications using Mendix 10: Versions prior to V10.11.0 Siemens Mendix Applications using Mendix 10 (V10.6): Versions prior V10.6.9 3.2 Vulnerability Overview 3.2.1 IMPROPER PRIVILEGE ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-200 SMART devices Vulnerability: Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens programmable logic controllers are affected: Siemens SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0): All versions Siemens SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0): All versions Siemens SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0): All versions Siemens SIMATIC S7-20...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC, SIPLUS Vulnerabilities: Inadequate Encryption Strength, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Injection, Double Free, Integer Overflow or Wraparound, Improper Locking, NULL Pointer Dereference, Use-After-Free, Improper Input Validation, Improper Certificate Validation, Missing Release of Memory after Effective Lifetime, Out-of-bounds Read, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to leak memory, create a denial-of-service condition...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC Traffic Analyzer Vulnerabilities: Out-of-bounds Write, Insufficient Session Expiration, Cross-Site Request Forgery (CSRF), Insufficiently Protected Credentials, Exposed Dangerous Method or Function, Cleartext Transmission of Sensitive Information, Sensitive Cookie in HTTPS Session Without 'Secure' Attribute, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, disclose sensitive information, or modify files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRO...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View SE Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow low-privilege users to edit scripts, bypassing access control lists, and potentially gain further access within the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the following versions of FactoryTalk Software are affected: FactoryTalk View SE: v12.0 3.2 Vulnerability Overview 3.2.1 Incorrect Permission Assignment for Critical Resource CWE-732 A privilege escalation vulnerability exists in FactoryTalk View SE. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. CVE-2024-37369 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS ...