us-cert

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available  Vendor: ProPump and Controls, Inc.  Equipment: Osprey Pump Controller  Vulnerabilities: Insufficient Entropy, Use of GET Request Method with Sensitive Query Strings, Use of Hard-coded Password, OS Command Injection, Cross-site Scripting, Authentication Bypass using an Alternate Path or Channel, Cross-Site Request Forgery, Command Injection  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, retrieve sensitive information, modify data, cause a denial-of-service, and/or gain administrative control.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Osprey Pump Controller, pumping systems, and automated controls is affected:  Osprey Pump Controller version 1.01  3.2 VULNERABILITY OVERVIEW 3.2.1 INSUFFICIENT ENTROPY CWE-331  Osprey Pump Controller version 1.01 is vulnerable to a predicta...

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Keysight Technologies Equipment: N6854A Geolocation Sever Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges in the affected device’s default configuration, resulting in remote code execution or deleting system files and folders. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Keysight monitoring products are affected: N6854A Geolocation Server versions 2.4.2 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1    DESERIALIZATION OF UNTRUSTED DATA CWE-502 N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. CVE-2023-1399 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens ProductCERT  Equipment: RADIUS client of SIPROTEC 5 devices  Vulnerability: Loop with Unreachable Exit Condition ('Infinite Loop')  2. RISK EVALUATION The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a denial-of-service vulnerability that could be triggered when a specially crafted packet is sent by a RADIUS server.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SIPROTEC 5 6MD85 (CP300) - >= V7.80 = V7.80 = V7.80  SIPROTEC 5 6MU85 (CP300) - >= V7.90 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 =...

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerabilities: Deserialization of Untrusted Data, Improper Access Control, Exposed Dangerous Method or Function, Path Traversal, Improper Authentication, Command Injection, Incorrect Permission Assignment for Critical Resource, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to obtain access to files and credentials, escalate privileges, and remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of InfraSuite Device Master, a real-time device monitoring software, are affected: Versions prior to 1.0.5 3.2 VULNERABILITY OVERVIEW 3.2.1    DESERIALIZATION OF UNTRUSTED DATA CWE-502 Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-stat...

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity  Vendor: VISAM  Equipment: VBASE  Vulnerabilities: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information from the target device.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS VISAM reports these vulnerabilities affect the following VBASE products:   VBASE Automation Base: versions prior to 11.7.5  3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611  Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.  CVE-2022-41696 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).  3.2.2 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611  Versions of VISAM VBASE Automation Base prior t...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low attack complexity/public exploits available  Vendor: Siemens ProductCERT  Equipment: RUGGEDCOM APE1808 Product Family  Vulnerabilities: Time-of-check Time-of-use (TOCTOU) Race Condition  2. RISK EVALUATION Exploitation of these vulnerabilities on affected products could lead to system crashing or escalation of privileges.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0) - vers:all/*  RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1) - vers:all/*  RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0) - vers:all/*  RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1)...

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity   Vendor: Rockwell Automation   Equipment: ThinManager ThinServer  Vulnerabilities: Path Traversal, Heap-Based Buffer Overflow  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to potentially perform remote code execution on the target system/device or crash the software.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software, are affected:  ThinManager ThinServer: Versions 6.x – 10.x  ThinManager ThinServer: Versions 11.0.0 – 11.0.5  ThinManager ThinServer: Versions 11.1.0 – 11.1.5  ThinManager ThinServer: Versions 11.2.0 – 11.2.6  ThinManager ThinServer: Versions 12.0.0 – 12.0.4  ThinManager ThinServer: Versions 12.1.0 – 12.1.5  ThinManager ThinServer: Versions 13.0.0 – 13.0.1  3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMIT...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely  Vendor: Siemens  Equipment: Various third-party components used in SCALANCE W-700 devices  Vulnerabilities: Generation of Error Message Containing Sensitive Information, Out-of-bounds Write, NULL Pointer Dereference, Out-of-bounds Read, Improper Input Validation, Release of Invalid Pointer or Reference, Use After Free, Prototype Pollution  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or disclose sensitive data.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SCALANCE WAM763-1 (6GK57...

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity   Vendor: Rockwell Automation   Equipment: ThinManager ThinServer  Vulnerabilities: Path Traversal, Heap-Based Buffer Overflow  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to potentially perform remote code execution on the target system/device or crash the software.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software, are affected:  ThinManager ThinServer: Versions 6.x – 10.x  ThinManager ThinServer: Versions 11.0.0 – 11.0.5  ThinManager ThinServer: Versions 11.1.0 – 11.1.5  ThinManager ThinServer: Versions 11.2.0 – 11.2.6  ThinManager ThinServer: Versions 12.0.0 – 12.0.4  ThinManager ThinServer: Versions 12.1.0 – 12.1.5  ThinManager ThinServer: Versions 13.0.0 – 13.0.1  3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMIT...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity   Vendor: Siemens   Equipment: RUGGEDCOM CROSSBOW  Vulnerabilities: Missing Authorization, SQL Injection  2. RISK EVALUATION Successful exploitation of this vulnerability could allow authenticated remote attackers to access restricted data or execute arbitrary database queries via an SQL injection attack.   3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  Siemens RUGGEDCOM CROSSBOW: All versions prior to V5.3  3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHORIZATION CWE-862  In the affected application, the client query handler fails to check for pro...