Source
us-cert
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIPROTEC 5 Devices Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition of the target device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: SIPROTEC 5 6MD85 (CP200): All versions (v) SIPROTEC 5 6MD85 (CP300): All versions prior to v9.40 SIPROTEC 5 6MD86 (CP200): All versions SIPROTEC 5 6MD86 (CP300): All versions prior to v9.40 SIPROTEC 5 6MD89 (CP300): All versions SIPROTEC 5 6MU85 (CP300): All versions prior to v9.40 SIPROTEC 5 7KE85 (CP200): All versions SIPROTEC 5 7KE85 (CP300): All versions prior to v9.40 SIPROTEC 5 7SA82 (CP100): All versions SIPROTEC 5 7SA82 (CP150): All versions prior to v9.40 SIPROTEC 5 7SA84 (CP200): All versions SIPROTEC 5 7SA86 (CP200): All versions SIPROTEC 5 7SA86 (CP300): All versions pr...
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable with adjacent access Vendor: Siemens Equipment: SCALANCE X-200IRT Devices Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker in a machine-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3): All versions prior to V5.5.2 SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3): All versions prior to V5.5.2 SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All versions prior to V5.5.2 SCALANCE X202-2IRT (6GK5202-2BB00-2BA3): All versions prior to V5.5.2 SCALANCE X202-2IRT (6GK5202-2BB10-2BA3): All versions prior to V5.5.2 SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3): All versions prior to V5.5.2 SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA...
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: OPC Foundation Local Discovery Server Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create a malicious file loaded by OPC Foundation Local Discovery Server (running as a high-privilege user). 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: OpenPCS 7 V9.1: All versions SIMATIC NET PC Software V14: All versions SIMATIC NET PC Software V15: All versions SIMATIC NET PC Software V16: All versions SIMATIC NET PC Software V17: All versions SIMATIC NET PC Software V18: All versions SIMATIC Process Historian OPC UA Server: All versions SIMATIC WinCC: All versions prior to V8.0 SIMATIC WinCC Runtime Professional: All versions SIMATIC WinCC Unified PC Runtime: All versions prior to V18.0 UPD 1 SR 1 TeleControl Server Basic V3: All versions 3.2 VULNERABILITY...
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: TIA Portal Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: TIA Portal V15: All versions TIA Portal V16: All versions TIA Portal V17: All versions TIA Portal V18: All versions prior to v18 Update 1 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 Affected products contain a path traversal vulnerability that could allow the creation or overwriting of arbitrary files in the engineering system. If the user is tricked into opening a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. CVE-2023-26293 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS...
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT Open and JT Utilities Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens software is affected: JT Open: All versions prior to V11.3.2.0 JT Utilities: All versions prior to V13.3.0.0 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 The affected applications contain an out-of-bounds read vulnerability past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. CVE-2023-29053 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS...
1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Adaptec maxView Application Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to decrypt intercepted local traffic between the browser and the application. A local attacker could perform a machine-in-the-middle attack to modify data in transit. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: SIMATIC IPC1047: All versions SIMATIC IPC1047E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows SIMATIC IPC647D: All versions SIMATIC IPC647E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows SIMATIC IPC847D: All versions SIMATIC IPC847E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSURE OF S...
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: FANUC Equipment: ROBOGUIDE-HandlingPRO Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read and/or overwrite files on the system running the affected software. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ROBOGUIDE-HandlingPRO, a robot simulation software, are affected: ROBOGUIDE-HandlingPRO: Versions 9 Rev.ZD and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software. CVE-2023-1864 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). 3.3 BACKGROUND CRITIC...
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: JTEKT ELECTRONICS CORPORATION Equipment: Screen Creator Advance 2 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of JTEKT ELECTRONICS Screen Creator Advance 2, a software program, are affected: JTEKT ELECTRONICS Screen Creator Advance 2: Ver0.1.1.4 Build01 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 When an out-of-specification error is detected, an out-of-bounds write may occur because there is no error handling process. CVE-2023-22345 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.2 OUT-OF-BOUNDS READ CWE-125 An out-of-bounds read may occur ...
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Korenix Equipment: Jetwave Vulnerabilities: Command Injection, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the underlying operating system of the device or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Korenix Jetwave are affected: Korenix JetWave4221 HP-E versions V1.3.0 and prior Korenix JetWave 3220/3420 V3 versions prior to V1.7 Korenix JetWave 2212G version V1.3.T Korenix JetWave 2212X/2112S version V1.3.0 Korenix JetWave 2211C versions prior to V1.6 Korenix JetWave 2411/2111 versions prior to V1.5 Korenix JetWave 2411L/2111L versions prior to V1.6 Korenix JetWave 2414/2114 versions prior to V1.4 Korenix JetWave 2424 versions prior to V1.3 Korenix JetWave 2460 versions prior to V1.6 3.2 VULNERABILITY OVERVIE...
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Industrial Control Links Equipment: ScadaFlex II SCADA Controllers Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to overwrite, delete, or create files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Industrial Control Links ScadaFlex II SCADA Controllers are affected: SW: 1.03.07 (build 317), WebLib: 1.24 SW: 1.02.20 (build 286), WebLib: 1.24 SW: 1.02.15 (build 286), WebLib: 1.22 SW: 1.02.01 (build 229), WebLib: 1.16 SW: 1.01.14 (build 172), WebLib: 1.14 SW: 1.01.01 (build 2149), WebLib: 1.13 3.2 VULNERABILITY OVERVIEW 3.2.1 EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73 On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 devices, unauthenticated remote attackers can overwrite, delete, or create files. This allows an atta...