us-cert

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix 7, Mendix 8, Mendix 9, Mendix 10 Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow authenticated attackers to access or modify objects without proper authorization or escalate privileges in the context of the vulnerable app. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Mendix Applications, are affected: Mendix Applications using Mendix 7: all versions prior to V7.23.37 Mendix Applications using Mendix 8: all versions prior to V8.18.27 Mendix Applications usi...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: OPC UA Modeling Editor (SiOME) Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary files in the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens OPC UA Modeling Editor (SiOME), are affected: OPC UA Modelling Editor (SiOME): versions prior to V2.8 3.2 Vulnerability Overview 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIPROTEC 4 7SJ66 Vulnerabilities: Classic Buffer Overflow, Session Fixation, NULL Pointer Dereference, Origin Validation Error, Race Condition, Missing Release of Memory after Effective Lifetime 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute a variety of exploits for the purpose of denial-of-service, data extraction, remote code execution, etc. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following SIPROTEC products are affected due to vulnerabilities in the underlying Wind Riv...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family Vulnerabilities: Out-of-bounds Read, Inadequate Encryption Strength, Double Free, NULL Pointer Dereference, Allocation of Resources Without Limits or Throttling, Acceptance of Extraneous Untrusted Data With Trusted Data, Use of Hard-coded Cryptographic Key, Use of Weak Hash, Direct Request ('Forced Browsing'), Uncontrolled Resource Consumption, Unchecked Return Value, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Unsynchronized Access to Shared Dat...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerabilities: SQL Injection, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following components of Siemens are affected: RUGGEDCOM APE1808 with Nozomi Guardian / CMC: All versions before V22.6.3 or 23.1.0 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 A S...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: SIS Workstation and ISaGRAF Workbench Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unprivileged local users to overwrite files replacing them with malicious programs. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following versions of SIS Workstation and ISaGRAF Workbench Code are affected: Safety Instrumented System Workstation: v1.2 up to but not including v2.00 ISaGRAF Workbench: v6.6.9 up to but not including v6.06.10 3.2 Vulnerability Overview 3.2.1 Improper Input Validation CWE-20 Due to the third-party vulnerabilities in Nullsoft Scriptable Install System (NSIS), the SIS Workstation and ISaGRAF Workbench installer and uninstaller have unsafe implicit linking against Version.dll. Therefore, there is no protection mechanism in the wrapper function that resolves the de...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Operations Control Logger Vulnerabilities: Execution with Unnecessary Privileges, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow privilege escalation or denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS AVEVA has created a security update to address vulnerabilities in the AVEVA Operations Control Logger (formerly known as ArchestrA Logger), impacting the following products: AVEVA SystemPlatform: 2020 R2 SP1 P01 and prior AVEVA Historian: 2020 R2 SP1 P01 and prior AVEVA Application Server: 2020 R2 SP1 P01 and prior AVEVA InTouch: 2020 R2 SP1 P01 and prior AVEVA Enterprise Licensing (formerly known as License Manager): version 3.7.002 and prior AVEVA Manufacturing Execution System (formerly known as Wonderware MES): 2020 P01 and prior AVEVA Recipe Management: 2020 R2 Update 1 Patch 2 and prior AVEVA Batch M...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable Remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Quantum HD Unity Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to access debug features that were accidentally exposed. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Johnson Controls Quantum HD Unity products are affected: Quantum HD Unity Compressor control panels (Q5): All versions prior to v11.22 Quantum HD Unity Compressor control panels (Q6): All versions prior to v12.22 Quantum HD Unity AcuAir control panels(Q5): All versions prior to v11.12 Quantum HD Unity AcuAir control panels(Q6): All versions prior to v12.12 Quantum HD Unity Condenser/Vessel control panels (Q5): All versions prior to v11.11 Quantum HD Unity Condenser/Vessel control panels (Q6): All versions prior to v12.11 Quantum HD Unity Evaporator control panels (Q5): All versions prior to v...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: eSOMS Vulnerabilities: Generation of Error Message Containing Sensitive Information, Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information related to eSOMS application configuration. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi Energy products are affected: eSOMS: v6.3.13 and prior 3.2 Vulnerability Overview 3.2.1 GENERATION OF ERROR MESSAGE CONTAINING SENSITIVE INFORMATION CWE-209 The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure. CVE-2023-5514 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: General Electric Equipment: MiCOM S1 Agile Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload malicious files and achieve code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of General Electric MiCOM S1 Agile is affected: MiCOM S1 Agile: All versions 3.2 Vulnerability Overview 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. CVE-2023-0898 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Multiple COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: United States 3....