us-cert

1. EXECUTIVE SUMMARY CVSS v3 8.4  ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information or steal the unsuspecting user’s session.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected:  SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0): All versions SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0): All versions SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0): All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target’s MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (e.g., authentication frames or re-associa...

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PanelView 800 Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of PanelView 800, a graphics terminal, are affected:  PanelView 800-2711R-T4T: Version 5.011 to 8.011 PanelView 800-2711R-T7T: Version 5.011 to 8.011 PanelView 800-2711R-T10T: Version 5.011 to 8.011 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 The affected product is vulnerable to an out-of-bounds write, which could allow an attacker to accomplish a heap buffer overflow if the user has the email feature enabled in the project file  WolfSSL uses. This feature is disabled by default. CVE-2020-36177 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ...

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Kinetix 5500 EtherNet/IP Servo Drive Vulnerabilities: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could create a denial-of-service condition or allow attackers unauthorized access to the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Kinetix 5500 EtherNet/IP Servo Drive, an industrial control router, are affected: Kinetix 5500 devices manufactured between May 2022 and January 2023: Version 7.13 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER ACCESS CONTROL CWE-284 Rockwell Automation Kinetix 5500 devices manufactured between May 2022 and January 2023 running Version 7.13 have telnet and file transfer protocol (FTP) ports open by default. This could allow an attacker access to the device. CVE-2023-1834 has been assigned to this vulnerability. A CVSS v3 base score of 9.4 has been assigned; the CV...

1. EXECUTIVE SUMMARY CVSS v3 9.8  ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to interact with the database and retrieve critical data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SDG PnPSCADA products are affected: PnPSCADA (cross platforms): v2.* 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT d...

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager Vulnerabilities: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to decrypt traffic sent between the client and server application programming interface (API), resulting in unauthorized access to information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ThinManager, a software management platform, are affected: ThinManager: Versions 13.0 to 13.0.1 3.2 VULNERABILITY OVERVIEW 3.2.1 INADEQUATE ENCRYPTION STRENGTH CWE-326 The affected product allows the use of medium-strength ciphers. If the client requests an insecure cipher, then a malicious actor could decrypt traffic sent between the client and server API. CVE-2023-2443 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (/AV:N/AC:L/PR:N/UI:N/...

1. EXECUTIVE SUMMARY CVSS v3 10.0  ATTENTION: Exploitable remotely/low attack complexity Vendor: Teltonika Equipment: Remote Management System and RUT model routers Vulnerabilities: Observable Response Discrepancy, Improper Authentication, Server-Side Request Forgery, Cross-site Scripting, Inclusion of Web Functionality from an Untrusted Source, External Control of System of Configuration Setting, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could expose sensitive device information and device credentials, enable remote code execution, expose connected devices managed on the network, and allow impersonation of legitimate devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Teltonika products are affected: Remote Management System (RMS): Versions prior to 4.10.0 (affected by CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588) Remote Management System (RMS): Versions prior to 4.14.0 (affected by CVE-2023-2...

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: BirdDog Equipment: STUDIO R3, 4K QUAD, MINI, A300 EYES Vulnerabilities: Cross-Site Request Forgery, Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely execute code or obtain unauthorized access to the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following BirdDog camera and encoder versions are affected: 4K QUAD:  Versions 4.5.181 and 4.5.196 MINI: Version 2.6.2 A300 EYES: Version 3.4 STUDIO R3: Version 3.6.4 3.2 VULNERABILITY OVERVIEW 3.2.1 CROSS-SITE REQUEST FORGERY (CSRF) CWE-352 The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files. CVE-2023-2505 has been assigned to this vulnerability. A CVSS v3 base score of 7.7 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N). 3.2.2 USE OF HARD-CODED CREDENTIALS...

1. EXECUTIVE SUMMARY CVSS v3 9.8  ATTENTION: Exploitable remotely/low attack complexity  Vendor: Hitachi Energy  Equipment: Modular Switchgear Monitoring (MSM)  Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Authentication Bypass by Capture-replay, Code Injection, Improper Restriction of Operations within the Bounds of a Memory Buffer, NULL Pointer Dereference, Insufficient Entropy  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain user access credentials of the MSM web interface or cause a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi Energy products are affected:  MSM: 2.2.5 and earlier  3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307  The code that performs password matching when using 'basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. An unauthenticated network att...

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity  Vendor: Mitsubishi Electric  Equipment: Factory Automation (FA) Products  Vulnerabilities: Dependency on Vulnerable Third-Party Component  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a malicious attacker to escalate privileges, disclose parameter information in the affected products, and cause a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Mitsubishi Electric Factory Automation products are affected:  MELIPC Series  MI5122-VM: All versions  MI1002-W: All versions  MI2012-W: All versions  MI3321G-W: All versions  MI3315G-W: All versions  MELSEC iQ-R Series  R102WCPU-W: All versions  MELSEC Q Series  Q24DHCCPU-V: All versions  Q24DHCCPU-VG: All versions  Q24DHCCPU-LS: All versions   Q26DHCCPU-LS: All versions  3.2 VULNERABILITY OVERVIEW 3.2.1 DEPENDENCY ON VULNERABLE THIRD-PARTY COMPONENT CWE-1395  These vulnerabilities in Intel products ...

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Keysight  Equipment: N8844A Data Analytics Web Service  Vulnerability: Deserialization of Untrusted Data  2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Keysight reports this vulnerability affects the following data analytics web service software:   N8844A Data Analytics Web Service: Version 2.1.7351 and prior  3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502  Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.  CVE-2023-1967 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).  3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Communications, Government  COUNTRIES/AREAS DEPLOYED: Worldwi...