us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Lumada Asset Performance Management (APM) Edge Vulnerabilities: Use After Free, Double Free, Type Confusion, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or disclosure of sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi products are affected: Lumada APM Edge: Versions 4.0 and prior Lumada APM Edge: Version 6.3 3.2 Vulnerability Overview 3.2.1 USE AFTER FREE CWE-416 The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the fr...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Low attack complexity Vendor: Fujitsu Software Equipment: Infrastructure Manager Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker retrieving the password for the proxy server that is configured in ISM from the maintenance data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Infrastructure Manager are affected: Infrastructure Manager: Advanced Edition V2.8.0.060 Infrastructure Manager: Advanced Edition for PRIMEFLEX V2.8.0.060 Infrastructure Manager: Essential Edition V2.8.0.060 3.2 Vulnerability Overview 3.2.1 Cleartext Storage of Sensitive Information CWE-312 An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and stora...

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Phoenix Contact Equipment: TC ROUTER and TC CLOUD CLIENT Vulnerabilities: Cross-site Scripting, XML Entity Expansion 2. RISK EVALUATION Successful exploitation of this these vulnerabilities could execute code in the context of the user's browser or cause a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Phoenix contact reports that the following products are affected: TC ROUTER 3002T-4G: versions prior to 2.07.2 TC ROUTER 3002T-4G ATT: versions prior to 2.07.2 TC ROUTER 3002T-4G VZW: versions prior to 2.07.2 TC CLOUD CLIENT 1002-4G: versions prior to 2.07.2 TC CLOUD CLIENT 1002-4G ATT: versions prior to 2.07.2 TC CLOUD CLIENT 1002-4G VZW: versions prior to 2.07.2 CLOUD CLIENT 1101T-TX/TX: versions prior to 2.06.10 3.2 Vulnerability Overview 3.2.1 Cross-site Scripting CWE-79 In PHOENIX CONTACT TC ROUTER and TC CLOUD CLIENT prior to version 2.07.2 as ...

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Socomec Equipment: MOD3GP-SY-120K Vulnerabilities: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Insecure Storage of Sensitive Information, Reliance on Cookies without Validation and Integrity Checking, Code Injection, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute malicious Javascript code, obtain sensitive information, or steal session cookies. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Socomec products are affected: MODULYS GP (MOD3GP-SY-120K): Web firmware v01.12.10 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into...

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dover Fueling Solutions Equipment: MAGLINK LX - Web Console Configuration Vulnerabilities: Authentication Bypass using an Alternate Path or Channel, Improper Access Control, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MAGLINK LX Web Console Configuration are affected: MAGLINK LX Web Console Configuration: version 2.5.1 MAGLINK LX Web Console Configuration: version 2.5.2 MAGLINK LX Web Console Configuration: version 2.5.3 MAGLINK LX Web Console Configuration: version 2.6.1 MAGLINK LX Web Console Configuration: version 2.11 MAGLINK LX Web Console Configuration: version 3.0 MAGLINK LX Web Console Configuration: version 3.2 MAGLINK LX Web Console Configuration: version 3.3 3.2 Vulnerability Overview 3.2.1 AUTHENTICATION BYPASS USING...

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Fujitsu Limited Equipment: Real-time Video Transmission Gear "IP series" Vulnerability: Use Of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker logging into the web interface using the obtained credentials. The attacker could initialize or reboot the products, terminating the video transmission. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Real-time Video Transmission Gear "IP series", a hosted web application, are affected: Real-time Video Transmission Gear "IP series" IP-HE950E: firmware versions V01L001 to V01L053 Real-time Video Transmission Gear "IP series" IP-HE950D: firmware versions V01L001 to V01L053 Real-time Video Transmission Gear "IP series" IP-HE900E: firmware versions V01L001 to V01L010 Real-time Video Transmission Gear "IP series" IP-HE900D: firmware versions V01L001 to V01L004 Real-time Video Transmission Ge...

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: GE Digital ​Equipment: CIMPLICITY ​Vulnerability: Process Control 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges to SYSTEM. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following GE products are affected:  ​GE Digital CIMPLICITY: v2023 3.2 VULNERABILITY OVERVIEW 3.2.1 ​PROCESS CONTROL CWE-114 ​GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. ​CVE-2023-4487 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND ​CRITICAL INFRASTRUCTURE SECTORS: Multiple Sectors ​COUNTRIES/AREAS DEPLOYED: Worldwide ​COMPANY HEADQUARTERS LO...

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: PTC ​Equipment: Kepware KepServerEX ​Vulnerabilities: Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, and obtain server hashes and credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following versions of Kepware KepServerEX, an industrial automation control platform, are affected: ​Kepware KepServerEX: version 6.14.263.0 and prior ​ThingWorx Kepware Server: version 6.14.263.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 ​UNCONTROLLED SEARCH PATH ELEMENT CWE-427 ​The installer application of KEPServerEX is vulnerable to DLL search order hijacking. This could allow an adversary to repackage the installer with a malicious DLL and trick users into installing the trojanized software. Successful...

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: ARDEREG ​Equipment: Sistemas SCADA ​Vulnerability: SQL Injection 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to manipulate SQL query logic to extract sensitive information and perform unauthorized actions within the database. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following ARDEREG products are affected:  ​Sistemas SCADA: Versions 2.203 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 ​IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 ​Sistema SCADA Central, a supervisory control and data acquisition (SCADA) system, is designed to monitor and control various industrial processes and critical infrastructure. ARDEREG identified this SCADA system’s login page to be vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sens...

1. EXECUTIVE SUMMARY ​CVSS v3 9.0 ​ATTENTION: Exploitable remotely ​Vendor: Digi International, Inc. ​Equipment: Digi RealPort Protocol ​Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow the attacker to access connected equipment. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Digi International reports that the following products using Digi RealPort Protocol are affected: ​Digi RealPort for Windows: version 4.8.488.0 and earlier ​Digi RealPort for Linux: version 1.9-40 and earlier ​Digi ConnectPort TS 8/16: versions prior to 2.26.2.4 ​Digi Passport Console Server: all versions ​Digi ConnectPort LTS 8/16/32: versions prior to 1.4.9 ​Digi CM Console Server: all versions ​Digi PortServer TS: all versions ​Digi PortServer TS MEI: all versions ​Digi PortServer TS MEI Hardened: all versions ​Digi PortServer TS M MEI: all versions ​Digi PortServer TS P MEI: all versions ​Digi One IAP Family: a...