Source

us-cert

Hikvision Access Control and Intercom Products

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Hikvision Equipment: Access Control and Intercom Products Vulnerabilities: Session Fixation, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker hijacking a session and gaining device operation permissions or result in an attacker modifying device network configuration by sending specific data packets to a vulnerable interface within the same local network. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Access Control and Intercom Products are affected: DS-K1T804AXX: V1.4.0_build221212 and prior. DS-K1T341AXX: V3.2.30_build221223 and prior. DS-K1T671XXX: V3.2.30_build221223 and prior. DS-K1T343XXX: V3.14.0_build230117 and prior. DS-K1T341C: V3.3.8_build230112 and prior. DS-K1T320XXX: V3.5.0_build220706 and prior. DS-KH63 Series: V2.2.8_build230219 and prior. DS-KH85 Series: V2.2.8_build230219 and prior. DS-KH62 Series: V1.4.62...

Siemens CPCI85 Firmware of SICAM A8000 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: CP-8050, CP-8031 Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with knowledge of the corresponding credential to log in to the device via SSH. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens are affected if activated with debug support: CP-8031 MASTER MODULE (6MF2803-1AA00): All versions prior to CPCI85 V05.11 CP-8050 MASTER MODULE (6MF2805-0AA00): All versions prior to CPCI85 V05.11 3.2 Vulnerability Overview 3.2.1 USE OF HARD-CODED CREDEN...

Weintek cMT3000 HMI Web CGI

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Weintek Equipment: cMT3000 HMI Web CGI Vulnerabilities: Stack-based Buffer Overflow, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to hijack control flow and bypass login authentication or execute arbitrary commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Weintek products are affected: cMT-FHD: OS version 20210210 or prior. cMT-HDM: OS version 20210204 or prior. cMT3071: OS version 20210218 or prior. cMT3072: OS version 20210218 or prior. cMT3103: OS version 20210218 or prior. cMT3090: OS version 20210218 or prior. cMT3151: OS version 20210218 or prior. 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass...

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CC-Link IE TSN Industrial Managed Switch Vulnerabilities: Observable Timing Discrepancy, Double Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in disclosure of information stored in the product by sending specially crafted packets or could cause a denial-of-service (DoS) condition by getting a legitimate user to import a specially crafted certificate. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric products are affected: CC-Link IE TSN Industrial Managed Switch, model NZ2MHG-TSNT8F2 NZ2MHG-TSNT4: All versions 3.2 Vulnerability Overview 3.2.1 OBSERVABLE TIMING DISCREPANCY CWE-208 An attacker could decrypt ciphertext and disclose sensitive information by sending specially crafted packets and performing a Bleichenbacher-style attack. CVE-2022-4304 has been assigned to this vuln...

Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS65x, AFF66x, AFS67x, AFR67x Series Vulnerabilities: Incorrect Calculation, Integer Overflow or Wraparound, Improper Encoding or Escaping of Output, Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of these vulnerabilities by an attacker could have a high impact on availability, integrity, and confidentiality of the targeted devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi Energy products and versions are affected: AFF66X FW: 03.0.02 and prior AFS66X-S: All versions AFS660-C: All versions AFS66X-B: All versions AFS670-V20: All versions AFS65X: All versions AFS67X: All versions AFR677: All versions 3.2 Vulnerability Overview 3.2.1 INCORRECT CALCULATION CWE-682 In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavio...

Qognify NiceVision

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Qognify Equipment: NiceVision Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve sensitive information about the cameras managed by the platform and its users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Qognify NiceVision, an IP-video surveillance system, are affected: NiceVision: v3.1 and prior 3.2 Vulnerability Overview 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records. CVE-2023-2306 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:...

Rockwell Automation PanelView 800

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PanelView 800 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, modify data, or cause a denial-of-service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation PanelView 800, a graphics terminal, are affected: PanelView 800 2711R-T10T: V3.011 PanelView 800 2711R-T7T: V3.011 PanelView 800 2711R-T4T: V3.011 3.2 Vulnerability Overview 3.2.1 Improper Input Validation CWE-20 An input/output validation vulnerability exists in a third-party component that the PanelView™ 800 utilizes. Libpng, which is PNG's reference library, version 1.6.32 and earlier does not properly check the length of chunks against the user limit. Libpng versions prior to 1.6.32 are susceptible to a vulnerability which, when successfully e...

DEXMA DexGate

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: DEXMA Equipment: DEXGate Vulnerabilities: Cross-Site Scripting, Cross-Site Request Forgery, Improper Authentication, Cleartext Transmission of Sensitive Information, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in the attacker impersonating a user, executing arbitrary code, and accessing the connected network. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of DEXGate is affected: DEXGate: Version 20130114 3.2 Vulnerability Overview 3.2.1 CROSS-SITE SCRIPTING (XSS) CWE-79 The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary JavaScript by injecting an XSS payload into the 'hostname' parameter of the vulnerable software. CVE-2023-40153 has been assigned to this vulnerab...

Mitsubishi Electric FA Engineering Software

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute code, which could result in information disclosure, tampering with and deletion of information, or a denial-of-service (DoS) condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric FA Engineering Software Products are affected: GX Works3: All versions 3.2 Vulnerability Overview 3.2.1 INCORRECT DEFAULT PERMISSIONS CWE-276 In all versions of Mitsubishi Electric GX Works3, code execution is possible due to permission issues. This could allow an attacker to cause information disclosure, tampering with and deletion of information, or a denial-of-service (DoS) condition. CVE-2023-4088 has been assigned to this vulnerability. A CVSS v3 base score of 9.3 has...

Suprema BioStar 2

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Suprema Inc. Equipment: BioStar 2 Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a SQL injection to execute arbitrary commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Suprema BioStar 2, an access control system, are affected: BioStar 2: version 2.8.16 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via value parameters. CVE-2023-27167 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Multiple COUNTRIES/AREAS DEP...