Source

us-cert

Delta Electronics InfraSuite Device Master

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerabilities: Improper Access Control, Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges or remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta Electronics products are affected: InfraSuite Device Master: Versions prior to 1.0.7 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER ACCESS CONTROL CWE-284 An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. CVE-2023-34316 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.2 IMPROPER ACCESS CONTROL CWE-284 Delta Electronics In...

Schneider Electric EcoStruxure Operator Terminal Expert

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity/public exploits are available Vendor: Schneider Electric Equipment: EcoStruxure Operator Terminal Expert VXDZ Vulnerability: Improper Control of Generation of Code ('Code Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code and gain access to sensitive information on the machine. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric EcoStruxure Operator Terminal Expert, a human machine interface (HMI) application, are affected: EcoStruxure Operator Terminal Expert: Versions 3.3 SP1 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94 Schneider Electric EcoStruxure Operator Terminal Expert versions 3.3 SP1 and prior are vulnerable to a code injection attack that could allow an attacker to execute arbitrary code and gain access to all information on the machine. ...

Ovarro TBox RTUs

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ovarro Equipment: TBox RTUs Vulnerabilities: Missing Authorization, Use of Broken or Risky Cryptographic Algorithm, Inclusion of Functionality from Untrusted Control Sphere, Insufficient Entropy, Improper Authorization, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in sensitive system information being exposed and privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following firmware versions of TBox RTUs are affected: TBox MS-CPU32: Version 1.50.598 and prior (CVE-2023-36607, CVE-2023-36609, CVE-2023-36610, CVE-2023-36611) TBox MS-CPU32-S2: Version 1.50.598 and prior (CVE-2023-36607, CVE-2023-36609, CVE-2023-36610, CVE-2023-36611) TBox LT2: Version 1.50.598 and prior (CVE-2023-36607, CVE-2023-36609, CVE-2023-36610, CVE-2023-36611) TBox TG2: Version 1.50.598 and prior (CVE-2023-36607, CVE-2023-3660...

Mitsubishi Electric MELSEC-F Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-F Series Vulnerability: Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to log in to the product by sending specially crafted packets. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports this vulnerability affects the following MELSEC-F Series products if they are used with ethernet communication special adapter FX3U-ENET-ADP or ethernet communication block FX3U-ENET(-L). These products are sold in limited regions: FX3U-xMy/z x=16,32,48,64,80,128, y=T,R, z=ES,ESS,DS,DSS *1: All versions FX3U-32MR/UA1, FX3U-64MR/UA1 *1: All versions FX3U-32MS/ES, FX3U-64MS/ES *1: All versions FX3U-xMy/ES-A x=16,32,48,64,80,128, y=T,R *1*2: All versions FX3UC-xMT/z x=16,32,64,96, z=D,DSS *1: All versions FX3UC-16MR/D-T, FX3UC-16MR/DS-T *1: All versions FX3UC-32MT...

Hitachi Energy FOXMAN-UN and UNEM Products

1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: High attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN, UNEM Products Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could permit an attacker to access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of FOXMAN-UN and UNEM, network management system toolsets, are affected: FOXMAN-UN: Version R16A FOXMAN-UN: Version R15B FOXMAN-UN: Version R15A UNEM: Version R16A UNEM: Version R15B UNEM: Version R15A The following version and sub-versions of FOXMAN-UN and UNEM, network management system toolsets, are affected: FOXMAN-UN: Version R14B FOXMAN-UN: Version R14A FOXMAN-UN: Version R11B FOXMAN-UN: Version R11A FOXMAN-UN: Version R10C FOXMAN-UN: Version R9C UNEM: Version R14B UNEM: Version R14A UNEM: Version R11B UNEM: Version R11A UNEM: Version R10C UNEM: Version R9C 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER OUTPUT ...

Advantech R-SeeNet

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerability: Hard Coded Password, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to authenticate as a valid user or access files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Advantech reports these vulnerabilities affect the following R-SeeNet monitoring application: R-SeeNet: versions 2.4.22 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Advantech R-SeeNet is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. CVE-2023-2611 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.2 EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73 ...

SpiderControl SCADAWebServer

1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: SpiderControl Equipment: SCADAWebServer Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SCADAWebServer are affected: SCADAWebServer: Versions 2.08 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. CVE-2023-3329 has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vecto...

Enphase Installer Toolkit Android App

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Enphase Installer Toolkit Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow sensitive information to be obtained by an attacker using hard-coded credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Enphase Installer Toolkit, a software application, is affected: Installer Toolkit: 3.27.0 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Enphase Installer Toolkit versions 3.27.0 and prior have hard-coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information. CVE-2023-32274 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Ener...

Enphase Envoy

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Envoy Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain root access to the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Enphase Envoy, an energy monitoring device, is affected: Envoy: D7.0.88 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 Enphase Envoy versions D7.0.88 and prior are vulnerable to a command injection exploit that may allow an attacker to execute root commands. CVE-2023-33869 has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: United ...

Siemens Solid Edge

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: Solid Edge SE2023: All versions prior to V223.0 Update 5 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 Open Design Alliance Drawings SDK (versions before 2024.1) is vulnerable to an out-of-bounds read when reading a DWG file. This could allow an attacker to execute code in the context of the cur...