Source: us-cert

Rockwell Automation LP30/40/50 and BM40 Operator Interface

1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: LP30, LP40, LP50, and BM40 Operator Panels
Vulnerability: Improper Validation of Consistency within Input, Out-of-bounds Write, Stack-based Buffer Overflow, Untrusted Pointer Dereference
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an authenticated attacker to use specifically crafted communication requests to perform a denial-of-service condition, memory overwriting, or remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Rockwell Automation products are affected:
LP30 Operator Panel: Versions prior to V3.5.19.0
LP40 Operator Panel: Versions prior to V3.5.19.0
LP50 Operator Panel: Versions prior to V3.5.19.0
BM40 Operator Panel: Versions prior to V3.5.19.0
3.2 Vulnerability Overview
3.2.1 IMPROPER VALIDATION OF CONSISTENCY WITHIN INPUT CWE-1288
After successful authentication, specifically c...

Mitsubishi Electric FA Engineering Software Products

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: EZSocket, FR Configurator2, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, MX OPC Server DA/UA (Software packaged with MC Works64)
Vulnerabilities: Missing Authentication for Critical Function, Unsafe Reflection
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service (DoS) condition on the products.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Mitsubishi Electric FA Engineering Software Products are affected:
EZSocket: Versions 3.0 and later
FR Configurator2: All versions
GT Designer3 Version1(GOT1000): All versions
GT Designer3 Version1(GOT2000): All versions
GX Works2: Versions 1.11M and later
GX Works3: All ...

Rockwell Automation ControlLogix and GuardLogix

1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: ControlLogix, GuardLogix
Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to crash the device by exploiting a Denial-of-Service (DoS) vulnerability.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation ControlLogix and GuardLogix programmable logic controllers are affected:
ControlLogix 5570: Firmware version 20.011
ControlLogix 5570 redundant: Firmware versions 20.054_kit1
GuardLogix 5570: Firmware version 20.011
3.2 Vulnerability Overview
3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
A Denial-of-Service (DoS) vulnerability exists that, if exploited, could potentially cause the product to experience a major nonrecoverable fault (MNRF). The device will restart i...

Mitsubishi Electric MELSEC WS Series Ethernet Interface Module

1. EXECUTIVE SUMMARY
CVSS v3 5.9
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric
Equipment: MELSEC WS Series
Vulnerability: Authentication Bypass by Capture-replay
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthorized attacker to log in to the modules and disclose or tamper with the programs and parameters in the modules.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Mitsubishi Electric MELSEC WS Series Ethernet Interface Modules are affected:
WS0-GETH00200: All serial numbers
3.2 Vulnerability Overview
3.2.1 AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294
An authentication bypass vulnerability exists in the MELSEC WS Series Ethernet Interface Modules. A remote unauthenticated attacker can bypass authentication by a capture-replay attack and log in to the modules. As a result, the remote attacker who has logged in may be able to disclose or tamper with the programs and parameters in the modules. CVE-2023-6...

Rockwell Automation FactoryTalk Service Platform

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: FactoryTalk Service Platform
Vulnerability: Improper Verification of Cryptographic Signature
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to retrieve user information and modify settings without any authentication.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Smart Security Manager, a software management platform, are affected:
FactoryTalk Service Platform: Versions prior to v6.4
3.2 Vulnerability Overview
3.2.1 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347
A vulnerability exists in the affected product that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user informatio...

Emerson Rosemount GC370XA, GC700XA, GC1500XA

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely
Vendor: Emerson
Equipment: Rosemount GC370XA, GC700XA, GC1500XA
Vulnerabilities: Command Injection, Improper Authentication, Improper Authorization
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with network access to run arbitrary commands, access sensitive information, cause a denial-of-service condition, and bypass authentication to acquire admin capabilities.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Emerson Rosemount Gas Chromatographs are affected:
GC370XA: Version 4.1.5
GC700XA: Version 4.1.5
GC1500XA: Version 4.1.5
3.2 Vulnerability Overview
3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. CVE-2023-46687 ha...

Opteev MachineSense FeverWarn

1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: MachineSense LLC.
Equipment: MachineSense FeverWarn
Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command Injection, Improper Restriction of Operations within the Bounds of a Memory Buffer
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to obtain user data from devices, execute remote code on devices, or gain control over devices to perform malicious actions.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following components of the FeverWarn ecosystem, an IoT-based skin temperature scanning system, are affected:
FeverWarn: ESP32
FeverWarn: RaspberryPi
FeverWarn: DataHub RaspberryPi
3.2 Vulnerability Overview
3.2.1 Missing Authentication for Critical Function CWE-306
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devi...

SystemK NVR 504/508/516

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: SystemK
Equipment: NVR 504/508/516
Vulnerability: Command Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute commands with root privileges.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of SystemK NVR, a network video recorder, are affected:
NVR 504: 2.3.5SK.30084998
NVR 508: 2.3.5SK.30084998
NVR 516: 2.3.5SK.30084998
3.2 Vulnerability Overview
3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77
SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to a command injection vulnerability in the dynamic domain name system (DDNS) settings that could allow an attacker to execute arbitrary commands with root privileges. CVE-2023-7227 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calcu...

Voltronic Power ViewPower Pro

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: Voltronic Power
Equipment: ViewPower Pro
Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function, Exposed Dangerous Method or Function, OS Command Injection
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition, obtain administrator credentials, or achieve remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of ViewPower Pro, an Uninterruptible Power Supply (UPS) management software, are affected:
ViewPower Pro: 2.0-22165
3.2 Vulnerability Overview
3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502
The affected product deserializes untrusted data without sufficiently verifying the resulting data will be valid. CVE-2023-51570 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector stri...

APsystems Energy Communication Unit (ECU-C) Power Control Software

1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable via adjacent network / low attack complexity
Vendor: APsystems
Equipment: Energy Communication Unit (ECU-C) Power Control Software
Vulnerability: Improper Access Control
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access sensitive data and execute specific commands and functions with full admin rights without authenticating.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following APsystems products are affected:
Energy Communication Unit Power Control Software: C1.2.2
Energy Communication Unit Power Control Software: v3.11.4
Energy Communication Unit Power Control Software: W2.1.NA
Energy Communication Unit Power Control Software: v4.1SAA
Energy Communication Unit Power Control Software: v4.1NA
3.2 Vulnerability Overview
3.2.1 IMPROPER ACCESS CONTROL CWE-284
APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows a...