Source
us-cert
1. EXECUTIVE SUMMARY
CVSS v3 5.4
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Advantech
Equipment: EKI-1524-CE, EKI-1522-CE, EKI-1521-CE
Vulnerabilities: Cross-Site Scripting
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the session.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Advantech serial device servers are affected:
EKI-1524-CE series: versions 1.24 and prior
EKI-1522-CE series: versions 1.24 and prior
EKI-1521-CE series: versions 1.24 and prior
3.2 Vulnerability Overview
3.2.1 Cross-Site Scripting CWE-79
Advantech EKI-1524, EKI-1522, EKI-1521 devices through version 1.21 are affected by a stored cross-site scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. CVE-2023-4202 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVS...
1. EXECUTIVE SUMMARY
CVSS v3 6.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: Asset Suite 9
Vulnerability: Improper Authentication
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated user to enter an arbitrary password to execute equipment tag out actions.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports these vulnerabilities affect the following products:
Asset Suite: Versions 9.6.3.11.1 and prior
Asset Suite: Version 9.6.4
3.2 Vulnerability Overview
3.2.1 IMPROPER AUTHENTICATION CWE-287
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user performing an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an ...
1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Baker Hughes - Bently Nevada
Equipment: Bently Nevada 3500 System
Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Cleartext Transmission of Sensitive Information, Authentication Bypass by Capture-replay
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to steal sensitive information and gain access to the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of the Bently Nevada 3500 System, a real-time monitoring solution, are affected:
Bently Nevada 3500 Rack (TDI Firmware): version 5.05
3.2 Vulnerability Overview
3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 has a vulnerability in their password retrieval functionality which could be used by an attacker to access passwords stored on the device. CVE...
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation Logix Communication Modules are affected:
1756-EN2T Series A: versions 5.008 and prior
1756-EN2T Series A: version 5.028
1756-EN2T Series B: versions 5.008 and prior
1756-EN2T Series B: version 5.028
1756-EN2T Series C: versions 5.008 and prior
1756-EN2T Series C: version 5.028
1756-EN2T Series D: versions 11.002 and prior
1756-EN2TK Series A: versions 5.008 and prior
1756-EN2TK Series A: version 5.028
1756-EN2TK Series B: versions 5.008 and ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
CVSS v3 8.2
ATTENTION: Low Attack Complexity
Vendor: Siemens
Equipment: Spectrum Power 7
Vulnerability: Incorrect Permission Assignment for Critical Resource
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a local attacker to inject arbitrary code to the update script and escalate privileges.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Siemens products are affected:
Spectrum Power 7: versions prior to V23Q3
3.2 Vulnerability Overview
3.2.1 Incorrect Permission Assignment for Critical Resource CWE-732
The affected product assigns improper access rights to the update script. This could allow an authent...
1. EXECUTIVE SUMMARY
CVSS v3 9.6
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation
Vendor: Rockwell Automation
Equipment: Connected Components Workbench
Vulnerabilities: Use After Free, Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to exploit heap corruption via a crafted HTML.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation Connected Components Workbench Smart Security Manager are affected:
Connected Components Workbench: versions prior to R21
3.2 Vulnerability Overview
3.2.1 USE AFTER FREE CWE-416
Connected Components Workbench utilizes CefSharp version 81.3.100 that contains a use after free vulnerability in Google Chrome versions before 86.0.4240.198. If exploited, a remote threat actor could potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16017 has been assigned to this vulnerability....
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: DIAScreen
Vulnerability: Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Delta Electronics reports the following versions of DIAScreen, a software configuration tool for Delta devices, are affected:
DIAScreen: versions prior to v1.3.2
3.2 Vulnerability Overview
3.2.1 Out-of-bounds Write CWE-787
Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process. CVE-2023-5068 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQU...
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: FactoryTalk View Machine Edition
Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute code remotely with specially crafted malicious packets or by using a self-made library to bypass security checks.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Rockwell Automation products are affected:
FactoryTalk View Machine Edition: v13.0
FactoryTalk View Machine Edition: v12.0 and prior
3.2 Vulnerability Overview
3.2.1 Improper Input Validation CWE-20
FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user input, which allows an unauthenticated attacker to achieve remote code execution via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that rest...
1. EXECUTIVE SUMMARY
CVSS v3 9.4
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Real Time Automation
Equipment: 460MCBS
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to run malicious JavaScript content, resulting in cross site scripting (XSS).
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Real Time Automation products are affected:
460 Series: Versions prior to v8.9.8
3.2 Vulnerability Overview
3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would redirect to the main page, which is index.htm. CVE-2023-4523 has been assigned to this vulnerability. A CVS...
1. EXECUTIVE SUMMARY
CVSS v3 5.5
ATTENTION: Low attack complexity
Vendor: Omron
Equipment: Sysmac Studio, NX-IO Configurator
Vulnerability: Path Traversal
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to overwrite files on a system.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Omron engineering software are affected:
Sysmac Studio: version 1.54 and prior
NX-IO Configurator: version 1.22 and prior
3.2 Vulnerability Overview
3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, which could allow attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry mishandled during extraction. This vulnerability is also known as "Zip-Slip." CVE-2018-1002205 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/U...