
Source

us-cert

Siemens SIMATIC WinCC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 3.9 ATTENTION: Exploitable from an adjacent network Vendor: Siemens Equipment: SIMATIC Products Vulnerability: Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain unauthorized access to product control and data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: SIMATIC NET PC Software V14: All versions SIMATIC NET PC Software V15: All versions SIMATIC PCS 7 V8.2: All versions SIMATIC PCS 7 V9.0: All versions SIMATIC PCS 7 V9.1: All versions SIMATIC WinCC: All versions prior to V8.0 SINAUT Software ST7sc: All versions 3.2 VULNERABILITY ...

Siemens SICAM Q200 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: POWER METER SICAM Q200 family Vulnerabilities: Session Fixation, Improper Input Validation, Cross-Site Request Forgery, Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to remote code execution or denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports these vulnerabilities were identified in the webserver of the following Q200 devices: POWER METER SICAM Q200 family: versions prior to V2.70 3.2 VULNERABILITY OVERVIEW 3.2.1 SESSION FIXATION CWE-384 ...

Siemens TIA Portal

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Totally Integrated Automation (TIA) Portal Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project, without the knowledge of the know-how protection password. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: Totally Integrated Automation Portal (TIA Portal) V14: All versions Totally Integrated Automation Portal (TIA Portal) V15: All versions Totally Integrated Automation Por...

SUBNET PowerSYSTEM Center

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: SUBNET Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Cross-site Scripting, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload malicious scripts or perform a denial-of-service type attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SUBNET PowerSYSTEM Center, a multi-function management platform, are affected: PowerSYSTEM Center: 2020 U10 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications. CVE-2023-32659 h...

Siemens SIMOTION

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMOTION Vulnerability: Exposure of Sensitive Information Due to Incompatible Policies 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: SIMOTION C240 (6AU1240-1AA00-0AA0): All versions including V5.4 and later but prior to V5.5 SP1 SIMOTION C240 PN (6AU1240-1AB00-0AA0): All versions including V5.4 and later but prior to V5.5 SP1 SIMOTION D410-2 DP (6AU1410-2AA00...

Siemens SIMATIC WinCC V7

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC V7 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to inject arbitrary code and escalate privileges if a non-default installation path was chosen during installation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected:  SIMATIC WinCC: All versions prior to V7.5.2.13 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 Affected applications fail to set proper access rights for t...

Siemens SIMATIC S7-1500 TM MFP BIOS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.8  ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 TM MFP Vulnerabilities: Improper Input Validation, Out-of-bounds Read, Use After Free, Out-of-bounds Write, Infinite Loop, Reachable Assertion, Off-by-one Error, Incorrect Default Permissions, Double Free, Improper Handling of Exceptional Conditions, Integer Overflow or Wraparound, NULL Pointer Dereference, Release of Invalid Pointer or Reference, Race Condition, Improper Restriction of Operations within the Bounds of a Memory Buffer, Non-exit on Failed Initialization, Missing Encryption of Sensitive Data, Classic Buffer Overflow, Uncontrolled Re...

Siemens SICAM A8000 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SICAM A8000 Devices Vulnerabilities: Command Injection, Use of Hard-coded Credentials, Exposed Dangerous Method or Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker, with direct physical access, to crack the root password to login to the device or remotely execute arbitrary code with root privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: CP-8031 MASTER MODULE (6MF2803-1AA00): All versions prior to CPCI85 V05 CP-8050 MASTER MODULE (6MF2805-0AA00): All versions prior to C...

Siemens SIMATIC STEP 7 and Derived Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC PCS 7, SIMATIC S7-PM, SIMATIC STEP 7 V5 Vulnerability: Improper Control of Generation of Code ('Code Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected:  SIMATIC PCS 7: All versions SIMATIC S7-PM: All versions SIMATIC STEP 7 V5: All versions prior to V5.7 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPE...

Siemens Solid Edge

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: Solid Edge SE2023: All versions prior to V223.0 Update 5 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 Open Design Alliance Drawings SDK (versions before 2024.1) is vulnerable to an out-of-bounds read when reading a DWG file. This could allow an attacker to execute code in the context of the cur...