Source
us-cert
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Scada-LTS Equipment: Scada-LTS Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow loss of sensitive information and execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Scada-LTS, an open-source HMI, are affected: Scada-LTS Versions 2.7.4 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 Scada-LTS versions 2.7.4 and prior are vulnerable to cross-site scripting. This could allow a remote attacker to craft malicious URLs that may execute arbitrary code in an authenticated user’s browser and print sensitive information. CVE-2015-1179 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/...
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: INEA Equipment: ME RTU Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ME RTU, a remote terminal unit, are affected: ME RTU: versions prior to 3.36 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to operating system (OS) command injection, which could allow an attacker to remotely execute arbitrary code. CVE-2023-2131 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy, Water and Wastewater, Transportation COUNTRIES/AREAS DEPLOYED: ...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: APC Easy UPS Online Monitoring Software, Schneider Electric Easy UPS Online Monitoring Software Vulnerabilities: Missing Authentication for Critical Function, Improper Handling of Case Sensitivity 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution, escalation of privileges, or authentication bypass, which then result in malicious web code execution or loss of device functionality. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Easy UPS Online Monitoring Software for Windows 10, 11, Windows Server 2016, 2019, 2022 are affected: APC Easy UPS Online Monitoring Software: Version V2.5-GA-01-22320 and prior Schneider Electric Easy UPS Online Monitoring Software: Version V2.5-GA-01-22320 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 A v...
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: SYSMAC CS/CJ Series Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information in the file system and memory. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Omron CS/CJ series, programmable logic controllers, are affected: SYSMAC CJ2H-CPU6[]-EIP: all versions SYSMAC CJ2H-CPU6[]: all versions SYSMAC CJ2M-CPU[][]: all versions SYSMAC CJ1G-CPU[][]P: all versions SYSMAC CS1H-CPU[][]H: all versions SYSMAC CS1G-CPU[][]H: all versions SYSMAC CS1D-CPU[][]HA: all versions SYSMAC CS1D-CPU[][]H: all versions SYSMAC CS1D-CPU[][]SA: all versions SYSMAC CS1D-CPU[][]S: all versions SYSMAC CS1D-CPU[][]P: all versions 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 Omron CS/CJ series programmable...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: CPCI85 Firmware of SICAM A8000 Devices Vulnerability: Improper Neutralization of Special Elements used in a Command ('Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: CP-8031 MASTER MODULE (6MF2803-1AA00): All versions prior to CPCI85 V05 CP-8050 MASTER MODULE (6MF2805-0AA00): All versions prior to CPCI85 V05 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77 Affected devices are vulnerable to command injection via the web server port 443/TCP if the parameter “Remote Operation” is enabled; this parameter is disabled by default. This vulnerability could allow an unauthenticated remote at...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Use After Free, Deadlock, Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0): All versions SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0): All versions SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants): All versions SIMATIC CP 1243-1 IEC (incl. SIPLUS variants): All v...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X-200, X-200IRT, and X-300 Switch Families Vulnerabilities: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to memory corruption. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports these vulnerabilities affect the following SCALANCE Switch Family products: SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3): All versions prior to V5.5.2 SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3): All versions prior to V5.5.2 SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All versions prior to V5.5.2 SCALA...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE XCM332 Vulnerabilities: Allocation of Resources Without Limits or Throttling, Use After Free, Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition'), Incorrect Default Permissions, Out-of-bounds Write, and Improper Validation of Syntactic Correctness of Input 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition, code execution, data injection, and allow unauthorized access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: SCALANCE XCM332 (6GK5332-0GA01-2AC2): Versions prior to 2.2 3.2 VULNERABILITY OVERVIEW 3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770 In versions of libtirpc prior to 1.3.3rc1, remote attackers could exhaust the file descriptors of a process using libtirpc due to mishandling of idle TC...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/high attack complexity Vendor: Siemens Equipment: Polarion ALM Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to potentially disclose confidential data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens Polarion ALM products are affected: Polarion ALM: all versions prior to V2304.0 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 The application contains an XML external entity injection (XXE) vulnerability. This could allow an attacker t...
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric India Equipment: GC-ENET-COM Vulnerability: Signal Handler Race Condition 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a communication error and may result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric India Ethernet communication Extension unit GC-ENET-COM, are affected: Mitsubishi Electric India GC-ENET-COM: Models with the beginning serial number 16XXXXXXXXX. 3.2 VULNERABILITY OVERVIEW 3.2.1 SIGNAL HANDLER RACE CONDITION CWE-364 A vulnerability exists in the Ethernet communication Extension unit (GC-ENET-COM) of GOC35 series due to a signal handler race condition. If a malicious attacker sends a large number of specially crafted packets, communication errors could occur and could result in a denial-of-service condition when GC-ENET-COM is configured a...