us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Edimax Equipment: IC-7100 IP Camera Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send specially crafted requests to achieve remote code execution on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Edimax products are affected: IC-7100 IP Camera: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-78 Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device CVE-2025-1316 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Vendor: Hitachi Energy Equipment: MACH PS700 Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and gain control over the software. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports the following products are affected: MACH PS700: Version v2 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 Uncontrolled search path element in some Intel(R) Chipset Device Software before Version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2023-28388 has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Swi...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low Attack Complexity Vendor: Hitachi Energy Equipment: XMC20, ECST, UNEM Vulnerability: Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: XMC20: Versions prior to R16B ECST: Versions prior to 16.2.1 UNEM: Versions prior to R15A UNEM: R15A UNEM: R15B PC4 and prior UNEM: R16A UNEM: R16B PC2 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER VALIDATION OF CERTIFICATE WITH HOST MISMATCH CWE-297 Hitachi Energy is aware of a vulnerability that affects the ECST client application which if exploited could allow attackers to intercept or falsify data exchanges between the client and the server. CVE-2024-2462 has been assigned to this vulnerability. A CVSS v3 base score of...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Keysight Equipment: Ixia Vision Product Family Vulnerabilities: Path Traversal, Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Keysight reports the following versions of Vision Network Packet Broker product family are affected: Ixia Vision Product Family: Versions 6.3.1 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Limitation of a Pathname to a Restricted Directory CWE-22 Path traversal may allow remote code execution using privileged account (requires device admin account, cannot be performed by a regular user). In combination with the 'Upload' functionality this could be used to execute an arbitrary script or possibly an uploaded binary. Remediation in Version 6.7.0, rel...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: XMC20 Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access files or directories outside the authorized scope. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: XMC20: R15A and prior including all subversions XMC20: R15B XMC20: R16A XMC20: R16B Revision C (cent2_r16b04_02, co5ne_r16b04_02) and older including all subversions 3.2 VULNERABILITY OVERVIEW 3.2.1 RELATIVE PATH TRAVERSAL CWE-23 Hitachi Energy is aware of a vulnerability that affects the XMC20. If exploited, an attacker could traverse the file system to access files or directories that would otherwise be inaccessible. CVE-2024-2461 has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code remotely. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Delta Electronics reports that the following versions of CNCSoft-G2, a human-machine interface, are affected: CNCSoft-G2: Versions V2.1.0.10 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. CVE-2025-22881 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: GMOD Equipment: Apollo Vulnerabilities: Incorrect Privilege Assignment, Relative Path Traversal, Missing Authentication for Critical Function, Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, bypass authentication, upload malicious files, or disclose sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following GMOD products are affected: Apollo: All versions prior to 2.8.0 3.2 VULNERABILITY OVERVIEW 3.2.1 Incorrect Privilege Assignment CWE-266 The product does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others. CVE-2025-21092 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; th...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Carrier Equipment: Block Load Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges . 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Carrier product, which is a HVAC load calculation program, are affected: Block Load: Version 4.16 3.2 VUNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 The vulnerability could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. CVE-2024-10930 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-10930. A base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Communication modules for Modicon M580 and Quantum controllers Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a stack overflow attack, which could result in loss of confidentiality, integrity, and denial of service of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following communication modules for Modicon M580 and Quantum controllers are affected by a vulnerability in VxWorks operating system: Modicon M580 communication modules BMENOC BMENOC0321: Versions prior to SV1.10 Modicon M580 communication modules BMECRA BMECRA31210: All versions Modicon M580/Quantum communication modules BMXCRA BMXCRA31200: All versions Modicon M580/Quantum communication modules BMXCRA BMXCRA31210: All versions Modicon Quantum communication modules 140CRA 140CRA31908: ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: PowerFlex 755 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could result in exposure of sensitive data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of PowerFlex 755, a motor application control drive software, is affected: PowerFlex 755: Versions 16.002.279 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319 The affected version of the product is vulnerable to credential exposure due to using HTTP, resulting in credentials being sent in clear text. This can allow sensitive data to be sniffed and captured by an attacker. CVE-2025-0631 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A CVSS v...