Source

us-cert

Siemens RUGGEDCOM CROSSBOW

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM CROSSBOW Vulnerabilities: Out-of-bounds Read, Improper Privilege Management, SQL Injection, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary database queries via SQL injection attacks, create a denial-of-service condition, or write arbitrary files to the application's file system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following server application is affected: RUGGEDCOM CROSSBOW: Versions prior to V5.4 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 An issue found in SQLite3 v.3.35.4 that could allow a remote attacker to cause a denial of service via the appendvfs.c function. CVE-2021-31239 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is...

Resource Allocation in Siemens RUGGEDCOM

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM Vulnerability: Allocation of Resources without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker to cause total loss of availability in the affected devices’ web server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: RUGGEDCOM i800: All versions prior to V4.3.8 RUGGEDCOM i800NC: All versions prior to V4.3.8 RUGGEDCOM i801: All versions prior to V4.3.8 RUGGEDCOM i801NC: All versions prior to V4.3.8 RUGGEDCOM i802: All versions prior to V4.3.8 RUGGEDCOM i802NC: All versions prior to V4.3.8 RUGGEDCOM i803: All versions prior to V4.3.8 RUGGEDCOM i803NC: All versions prior to V4.3.8 RUGGEDCOM M2100: All versions prior to V4.3.8 RUGGEDCOM M2100F: All versions RUGGEDCOM M2100NC: All versions prior to V4.3.8 RUGGEDCOM M2200: All versions...

Siemens Solid Edge SE2023

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to crash the application or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: Solid Edge SE2023: All versions prior to V223.0 Update 7 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 The affected application contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. CVE-2023-39181 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.2 OUT-OF-BOUNDS READ CWE-125 The affected applications contain an...

Siemens Solid Edge, JT2Go, and Teamcenter Visualization

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge, JT2Go, and Teamcenter Visualization Vulnerabilities: Use After Free, Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: JT2Go: All versions prior to v14.2.0.5 Solid Edge SE2022: All versions prior to v222.0 Update 13 Solid Edge SE2023: All versions prior to v223.0 Update 4 Teamcenter Visualization V13.2: All versions prior to v13.2.0.15 Teamcenter Visualization V13.2: All versions prior to v13.2.0.14 Teamcenter Visualization V13.3: All versions prior to v13.3.0.11 Teamcenter Visualization V14.1: All versions prior to v14.1.0.11 Teamcenter Visualization V14.1: All versions prior to v14.1.0.10 Teamcenter Visualization V14.2: All versions prior ...

Siemens JT Open, JT Utilities, and Parasolid

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT Open, JT Utilities, and Parasolid Vulnerabilities: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: JT Open: All versions prior to v11.4 JT Utilities: All versions prior to v13.4 Parasolid v34.0: All versions prior to v34.0.253 Parasolid v34.1: All versions prior to v34.1.243 Parasolid v35.0: All versions prior to v35.0.177 Parasolid v35.1: All versions prior to v35.1.073 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. CVE-2023-30795 has bee...

Schneider Electric IGSS

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Schneider Electric Equipment: IGSS (Interactive Graphical SCADA System) Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary code execution or loss of control of the SCADA system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports this vulnerability affects the following IGSS (Interactive Graphical SCADA System) products: IGSS Dashboard (DashBoard.exe): v16.0.0.23130 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 A deserialization of untrusted data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to arbitrary code execution when an attacker gets the user to open a malicious file. CVE-2023-3001 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CV...

Hitachi Energy RTU500 series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a buffer overflow and reboot of the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports these vulnerabilities affect the following RTU500 series products: RTU500 series CMU: Firmware versions 13.3.1–13.3.2 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited if the HCI 60870-5-104 is configured with IEC 62351-5 support and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted messa...

Mitsubishi Electric GT and GOT Series Products

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Mitsubishi Electric products are affected when either of the following cases apply: The case of transferring data with GT Designer3 Version1 (GOT2000) listed below and GOT2000 Series or GOT SIMPLE Series listed below with the Data Transfer Security function enabled. The case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 listed below and GOT2000 series listed below with the Data Transfer Security function enabled. GT Designer3 Version1 (GOT2000): v1.295...

TEL-STER TelWin SCADA WebInterface

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: TEL-STER Sp. z o. o. Equipment: TelWin SCADA WebInterface Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS TEL-STER reports this vulnerability affects the following versions of TelWin SCADA WebInterface: TelWin SCADA WebInterface: versions 3.2 to 6.1 TelWin SCADA WebInterface: versions 7.0 to 7.1 TelWin SCADA WebInterface: versions 8.0 and 9.0 3.2 VULNERABILITY OVERVIEW 3.2.1 PATH TRAVERSAL CWE-35 External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system. CVE-2023-0956 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been ...

Mitsubishi Electric GOT2000 and GOT SIMPLE

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT2000 Series and GOT SIMPLE Series Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack data connections or prevent legitimate users from establishing data connections. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports this vulnerability affects the following HMIs when using the “FTP server” function: GOT2000 Series, GT21 model: versions 01.49.000 and prior GOT SIMPLE, GS21 model: versions 01.49.000 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 PREDICTABLE EXACT VALUE FROM PREVIOUS VALUES CWE-342 A denial-of-service and spoofing (session hijacking of data connections) vulnerability exists in the FTP server function on GOT2000 series and GOT SIMPLE series because the port number of a data connection can be easily guessed due to predictable exact valu...