Security
Headlines

Source: us-cert

Digi RealPort Protocol

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Digi International, Inc. Equipment: Digi RealPort Protocol Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the attacker to access connected equipment. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Digi International reports that the following products using Digi RealPort Protocol are affected: Digi RealPort for Windows: version 4.8.488.0 and earlier Digi RealPort for Linux: version 1.9-40 and earlier Digi ConnectPort TS 8/16: versions prior to 2.26.2.4 Digi Passport Console Server: all versions Digi ConnectPort LTS 8/16/32: versions prior to 1.4.9 Digi CM Console Server: all versions Digi PortServer TS: all versions Digi PortServer TS MEI: all versions Digi PortServer TS MEI Hardened: all versions Digi PortServer TS M MEI: all versions Digi PortServer TS P MEI: all versions Digi One IAP Family: a...

PTC Codebeamer

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Codebeamer Vulnerability: Cross site scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject arbitrary JavaScript code, which could be executed in the victim's browser upon clicking on a malicious link. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of PTC Codebeamer, Application Lifecycle Management (ALM) platform for product and software development, are affected: Codebeamer: v22.10-SP6 or lower Codebeamer: v22.04-SP2 or lower Codebeamer: v21.09-SP13 or lower 3.2 VULNERABILITY OVERVIEW 3.2.1 CROSS-SITE SCRIPTING CWE-79 If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device. CVE-2023-4296 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has ...

OPTO 22 SNAP PAC S1

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: OPTO 22 Equipment: SNAP PAC S1 Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Weak Password Requirements, Improper Access Control, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to brute force passwords, access certain device files, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of SNAP PAC S1, an industrial programmable automation controller, is affected: SNAP PAC S1 Firmware: Version R10.3b 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307 There is no limit on the number of login attempts. This could allow a brute force attack on the built-in web server login. CVE-2023-40706 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigne...

CODESYS Development System

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Uncontrolled Search Path Element. 2. RISK EVALUATION Successful exploitation of this vulnerability could cause users to unknowingly launch a malicious binary placed by a local attacker. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS CODESYS reports this vulnerability affects the following versions of CODESYS Development System: CODESYS Development System: versions from 3.5.17.0 and prior to 3.5.19.20 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users’ context. CVE-2023-3662 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGRO...

KNX Protocol

1. EXECUTIVE SUMMARY CVSS v3 7.5  ATTENTION: Exploitable remotely/low attack complexity/known public exploitation  Vendor: KNX Association  Equipment: KNX devices using KNX Connection Authorization  Vulnerability: Overly Restrictive Account Lockout Mechanism  2. RISK EVALUATION Successful exploitation of this vulnerability could cause users to lose access to their device, potentially with no way to reset the device.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following devices using KNX Protocol are affected:  KNX devices using Connection Authorization Option 1 Style in which no BCU Key is currently set: All versions  3.2 VULNERABILITY OVERVIEW 3.2.1 OVERLY RESTRICTIVE ACCOUNT LOCKOUT MECHANISM CWE-645  KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the devi...

CODESYS Development System

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Insufficient Verification of Data Authenticity. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute a man-in-the-middle (MITM) attack to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS CODESYS reports this vulnerability affects the following versions of CODESYS Development System: CODESYS Development System: versions from 3.5.11.0 and prior to 3.5.19.20 3.2 VULNERABILITY OVERVIEW 3.2.1 INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY CWE-345 In CODESYS Development System versions from 3.5.11.0 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server. CVE-2023-3663 has been assigned to this vulnerability. A CVSS v3 base scor...

Rockwell Automation Input/Output Modules

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1734-AENT/1734-AENTR Series C, 1734-AENT/1734-AENTR Series B, 1738-AENT/1738-AENTR Series B, 1794-AENTR Series A, 1732E-16CFGM12QCWR Series A, 1732E-12X4M12QCDR Series A, 1732E-16CFGM12QCR Series A, 1732E-16CFGM12P5QCR Series A, 1732E-12X4M12P5QCDR Series A, 1732E-16CFGM12P5QCWR Series B, 1732E-IB16M12R Series B, 1732E-OB16M12R Series B, 1732E-16CFGM12R Series B, 1732E-IB16M12DR Series B, 1732E-OB16M12DR Series B, 1732E-8X8M12DR Series B, 1799ER-IQ10XOQ10 Series B Vulnerability: Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service on the affected products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of select Input/Output Modules from Rockwell Automation are affected: 1734-AENT/1734-AENTR Series C: Versions 7.011 and prior 1734-AENT/173...

CODESYS Development System

1. EXECUTIVE SUMMARY CVSS v3 3.3  ATTENTION: low attack complexity  Vendor: CODESYS, GmbH  Equipment: CODESYS Development System  Vulnerability: Improper Restriction of Excessive Authentication Attempts.  2. RISK EVALUATION Successful exploitation of this vulnerability could provide a local attacker with account information.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS CODESYS reports this vulnerability affects the following versions of CODESYS Development System:  CODESYS Development System: versions prior to 3.5.19.20  3.2 VULNERABILITY OVERVIEW 3.2.1 INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY CWE-345  A missing brute-force protection in CODESYS Development System prior to 3.5.19.20 could allow a local attacker to have unlimited attempts of guessing the password within an import dialog.  CVE-2023-3669 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).  3.3 BACKGROUND CRITICAL IN...

Rockwell Automation ThinManager ThinServer

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely delete arbitrary files with system privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports this vulnerability affects the following versions of ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software: ThinManager ThinServer: Versions 11.0.0-11.0.6 ThinManager ThinServer: Versions 11.1.0-11.1.6 ThinManager ThinServer: Versions 11.2.0-11.2.6 ThinManager ThinServer: Versions 12.1.0-12.1.6 ThinManager ThinServer: Versions 12.0.0-12.0.5 ThinManager ThinServer: Versions 13.0.0-13.0.2 ThinManager ThinServer: Version 13.1.0 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 Due to improper input validation, an integer o...

Hitachi Energy AFF66x

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFF66x Vulnerabilities: Cross-site Scripting, Use of Insufficiently Random Values, Origin Validation Error, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to compromise availability, integrity, and confidentiality of the targeted devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports these vulnerabilities affect the following AFF660/665 products: AFF660/665: Firmware 03.0.02 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 CROSS-SITE SCRIPTING CWE-79 In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo could lead to output of wrong hostnames (leading to domain hijacking) or injection...