us-cert

1. EXECUTIVE SUMMARY CVSS v3 6.7  ATTENTION: Public exploits are available Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Products Vulnerabilities: Permissions, Privileges, and Access Controls 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy’s MicroSCADA Pro/X SYS600 products are affected: SYS600: 9.4 FP2 Hotfix 5 and earlier SYS600: 10.1.1 and earlier 3.2 VULNERABILITY OVERVIEW 3.2.1 PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264   The ActiveBar ActiveX control distributed in ActBar.ocx 1.0.3.8 in SYS600 product does not properly restrict the SetLayoutData method, which could allow attackers to execute arbitrary code via a crafted data argument. CVE-2011-1207 has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:R/S:...

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Carlo Gavazzi Equipment: Powersoft Vulnerabilities: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access and retrieve any file from the server.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Carlo Gavazzi Powersoft, an energy management software, are affected: Powersoft: Versions 2.1.1.1 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 Carlo Gavazzi Powersoft versions 2.1.1.1 and prior have a directory traversal vulnerability that can allow an attacker to access and retrieve any file through specially crafted GET requests to the server. CVE-2017-20184 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)...

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Snap One Equipment: OvrC Cloud, OvrC Pro Devices Vulnerabilities: Improper Input Validation, Observable Response Discrepancy, Improper Access Control, Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, Open Redirect, Use of Hard-coded Credentials, Hidden Functionality 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to impersonate and claim devices, execute arbitrary code, and disclose information about the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Snap One component is affected: OvrC Pro version 7.1 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests t...

1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Equipment: ArmorStart Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a malicious user to view and modify sensitive data or make the web page unavailable. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell ArmorStart are affected: ArmorStart ST281E: Version 2.004.06 and later ArmorStart ST284E: All versions ArmorStart ST280E: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20  A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. CVE-2023-29031 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVS...

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Vantagepoint Vulnerabilities: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to impersonate an existing user or execute a cross site request forgery (CSRF) attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation FactoryTalk Vantagepoint are affected: FactoryTalk Vantagepoint: All versions prior to 8.40 3.2 VULNERABILITY OVERVIEW 3.2.1 INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY CWE-345 The affected product is vulnerable to a CSRF attack, which could allow an attacker to impersonate a legitimate user. CVE-2023-2444 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUN...

1. EXECUTIVE SUMMARY CVSS v3 9.8  ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Third-party components libexpat and libcurl in SINEC NMS Vulnerabilities: Expected Behavior Violation, Improper Validation of Syntactic Correctness of Input, Stack-based Buffer Overflow, Use After Free, Double Free, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation these vulnerabilities could allow an attacker to impact SINEC NMS confidentiality, integrity, and availability.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products are affected: Third-Party components used in SINEC NMS: All versions prior to V1.0.3.1 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPECTED BEHAVIOR VIOLATION CWE-440 When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send—even when the `CURLOPT_POSTFIELDS` option has been set—if the same handle previously was used to issue a `PUT` reque...

1. EXECUTIVE SUMMARY CVSS v3 9.9  ATTENTION: Exploitable remotely/low attack complexity Vendor:  Siemens Equipment: Siveillance Video Vulnerabilities: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute code on the affected system.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports these vulnerabilities affect the following IP video management software:  Siveillance Video 2020 R2: all versions prior to V20.2 HotfixRev14 Siveillance Video 2020 R3: all versions prior to V20.3 HotfixRev12 Siveillance Video 2021 R1: all versions prior to V21.1 HotfixRev12 Siveillance Video 2021 R2: all versions prior to V21.2 HotfixRev8 Siveillance Video 2022 R1: all versions prior to V22.1 HotfixRev7 Siveillance Video 2022 R2: all versions prior to V22.2 HotfixRev5 Siveillance Video 2022 R3: all versions prior to V22.3 HotfixRev2 Siveillance Video 2023 R1: all versions prior to V23.1 HotfixRe...

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE LPE9403 Vulnerabilities: Command Injection, Creation of Temporary File with Insecure Permissions, Path Traversal, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation these vulnerabilities could allow an attacker to gain access to the device as root or create a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected:  SCALANCE LPE9403 (6GK5998-3GS00-2AC2): Versions prior to 2.1 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77 The web-based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as root. CVE-2023-27407 has been assigned to this vulnerability. A C...

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerabilities: NULL Pointer Dereference, Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or crash the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: Solid Edge SE2023: All versions prior to V223.0 Update 3 Solid Edge SE2023: All versions prior to V223.0 Update 2 3.2 VULNERABILITY OVERVIEW 3.2.1 NULL POINTER DEREFERENCE CWE-476  STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null pointer dereference, which could allow an attacker to deny application usage when reading a specially constructed file, resulting in an application crash.  CVE-2023-0973 has been assigned to this vulnerability. A CVSS v3 base score of 2.2 has been assigned; the CVSS vector string ...

1. EXECUTIVE SUMMARY CVSS v3 7.2  ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Cloud Connect 7 Vulnerabilities: Improper Neutralization of Special Elements used in a Command ('Command Injection'), Use of Hard-coded Password, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Standardized Error Handling Mechanism, Exposure of Sensitive Information to an Unauthorized Actor, Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected:  SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00): All versions V2.0 to V2.1 SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00): All versions prior to V2.1 SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00): All versions V2.0 to V2.1 SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00): All version...