us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain access to devices without proper authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports the following products are affected: ABB ASPECT®-Enterprise ASP-ENT-x: Versions 3.08.03 and prior ABB NEXUS Series NEX-2x: Versions 3.08.03 and prior ABB NEXUS Series: Versions 3.08.03 and prior ABB MATRIX Series MAT-x: Versions 3.08.03 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Several hard-coded credentials for the products internal use are contained in the firmware as plain text information. CVE-2024-51547 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rapid Response Monitoring Equipment: My Security Account App Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attacker to access sensitive information of other users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rapid Response Monitoring products are affected: My Security Account App API: Versions prior to 7/29/24 3.2 VULNERABILITY OVERVIEW 3.2.1 Authorization Bypass Through User-Controlled Key CWE-639 Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users. CVE-2025-0352 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A CVSS v4 score ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Carrier Equipment: Block Load Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges . 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Carrier product, which is a HVAC load calculation program, are affected: Block Load: Version 4.16 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 The vulnerability could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. CVE-2024-10930 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-10930. A base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/A...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elseta Equipment: Vinci Protocol Analyzer Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform code execution on the affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Elseta products are affected: Vinci Protocol Analyzer: Versions prior to 3.2.3.19 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system. CVE-2025-1265 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.9 has been calculated; the CVSS vector string is (AV:N/AC:L/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: FLXEON Controllers Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Missing Origin Validation in WebSockets, Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to send unauthorized HTTPS requests, access sensitive information from HTTPS responses, or use network access to execute remote code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports that the following products are affected: FLXEON Controllers FBXi: Version 9.3.4 and prior FLXEON Controllers FBVi: Version 9.3.4 and prior FLXEON Controllers FBTi: Version 9.3.4 and prior FLXEON Controllers CBXi: Version 9.3.4 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77 Netwo...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SiPass integrated Vulnerability: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the application server, if a specially crafted backup set is used for a restore. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SiPass integrated V2.90: Versions prior to V2.90.3.19 SiPass integrated V2.95: Versions prior to V2.95.3.15 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Manager Vulnerabilities: OS Command Injection, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary OS commands, upload files, and obtain sensitive information without providing associated credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following mySCADA products are affected: myPRO Manager: Versions prior to 1.4 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS Command ('OS COMMAND INJECTION') CWE-78 The affected product is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. CVE-2025-25067 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIPROTEC 5 Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIPROTEC 5 7SK85 (CP300): All versions prior to V9.90 Siemens SIPROTEC 5 7SJ81 (CP100): All versions Siemens SIPROTEC 5 7SL86 (CP300): All versions prior to V9.90 Siemens SIPROTEC 5 7SL86 (CP200): All versions Siemens SIPROTEC 5 7SJ86 (...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable locally Vendor: Siemens Equipment: SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to achieve privilege escalation or bypass security measures. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SMATIC IPC DiagMonitor: All versions SIMATIC IPC DiagBase: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 The affected device do not properl...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: APOGEE PXC and TALON TC Series Vulnerabilities: Inadequate Encryption Strength, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform a denial of service using a out-of-bounds read forcing the device to enter a cold state and a vulnerability that would allow an attacker to decrypt the passwords of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: APOGEE PXC Series (P2 Ethernet): All versions APOGEE PXC Series (BACnet): All ver...