Source
us-cert
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Schneider Electric Equipment: IGSS (Interactive Graphical SCADA System) Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow arbitrary code execution or loss of control of the SCADA system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports these vulnerabilities affect the following IGSS (Interactive Graphical SCADA System) products: IGSS Update Service (IGSSupdateservice.exe): v16.0.0.23211 and prior. 3.2 Vulnerability Overview 3.2.1 Missing Authentication for Critical Function CWE-306 A missing authentication for critical function vulnerability that could allow a local attacker to change the update source exists in the IGSS Update Service, which could lead to remote code execution the attacker force an update containing malicious content. CVE-2023-4516 has been assigned to this vulnerability. A CV...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Forgot Password Module Vulnerability: Observable Discrepancy 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Mendix Forgot Password (Mendix 7 compatible): All versions prior to V3.7.3. Mendix Forgot Password (Mendix 8 compatible): All versions prior to V4.1.3. Mendix Forgot Password (Mendix 9 compatible): All...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Hikvision Equipment: Access Control and Intercom Products Vulnerabilities: Session Fixation, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker hijacking a session and gaining device operation permissions or result in an attacker modifying device network configuration by sending specific data packets to a vulnerable interface within the same local network. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Access Control and Intercom Products are affected: DS-K1T804AXX: V1.4.0_build221212 and prior. DS-K1T341AXX: V3.2.30_build221223 and prior. DS-K1T671XXX: V3.2.30_build221223 and prior. DS-K1T343XXX: V3.14.0_build230117 and prior. DS-K1T341C: V3.3.8_build230112 and prior. DS-K1T320XXX: V3.5.0_build220706 and prior. DS-KH63 Series: V2.2.8_build230219 and prior. DS-KH85 Series: V2.2.8_build230219 and prior. DS-KH62 Series: V1.4.62...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: CP-8050, CP-8031 Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with knowledge of the corresponding credential to login to the device via SSH. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected if activated with debug support: CP-8031 MASTER MODULE (6MF2803-1AA00): All versions prior to CPCI85 V05.11 CP-8050 MASTER MODULE (6MF2805-0AA00): All versions prior to CPCI85 V05.11 3.2 Vulnerability Overview 3.2.1 USE OF HARD-CODED CREDEN...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Weintek Equipment: cMT3000 CMI Web CGI Vulnerabilities: Stack-based Buffer Overflow, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to hijack control flow and bypass login authentication or execute arbitrary commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Weintek products are affected: cMT-FHD: OS version 20210210 or prior. cMT-HDM: OS version 20210204 or prior. cMT3071: OS version 20210218 or prior. cMT3072: OS version 20210218 or prior. cMT3103: OS version 20210218 or prior. cMT3090: OS version 20210218 or prior. cMT3151: OS version 20210218 or prior. 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SICAM A8000 Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to traverse directories, download arbitrary files, or escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SICAM A8000, a remote terminal unit, are affected: CP-8031 MASTER MODULE (6MF2803-1AA00): All versions prior to CPCI85 V05.11 CP-8050 MASTER MODULE (6MF2805-0AA00): All versions prior to CPCI85 V05.11 3.2 Vulnerability Overview 3.2.1 Improper Limitation of a Pathname to a Restricted Directory ('Path...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SICAM PAS/PQS Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain persistence or potentially escalate privileges in the context of the application process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SICAM PAS/PQS are affected: SICAM PAS/PQS: Version 8.00 up to but not including 8.22. 3.2 Vulnerability Overview 3.2.1 Incorrect Permission Assignment for Critical Resource CWE-732 The affected application is installed with specific fi...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: SIMATIC CP products Vulnerabilities: Improper Access Control, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code, access the PROFINET network without restrictions or perform denial of service attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SIMATIC CP 1604 (6GK1160-4AA01): all versions SIMATIC CP 1616 (6GK1161-6AA02): all versions SIMATIC CP 1623 (6GK1162-3AA00): all versions SIMATIC CP 1626 (6GK1162-6AA01): all versions SIMATIC CP 162...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Xpedition Layout Browser Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION An attacker could leverage this vulnerability to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Xpedition Layout Browser are affected: Xpedition Layout Browser: All versions prior to VX.2.14 3.2 Vulnerability Overview 3.2.1 Stack-Based Buffer Overflow CWE-121 Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Classic Buffer Overflow, Command Injection, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to sensitive information disclosure, unauthenticated denial of service or unauthenticated remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0): versio...