us-cert

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1200 CPU Family Vulnerabilities: Improper Resource Shutdown or Release, Improper Validation of Syntactic Correctness of Input 2. RISK EVALUATION The affected devices do not correctly process certain special crafted packets sent to Port 80/tcp and Port 102/tcp, which could allow an attacker to cause a denial of service in the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Siemens SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0): vers:all/<V4.7 Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RL...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dingtian Equipment: DT-R0 Series Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify the device settings and gain administrator access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Dingtian DT-R0 Series are affected: DT-R002: Version V3.1.3044A DT-R008: Version V3.1.1759A DT-R016: Version V3.1.2776A DT-R032: Version V3.1.3826A 3.2 Vulnerability Overview 3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288 The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page. CVE-2025-1283 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIPROTEC 5 Devices Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIPROTEC 5 7VE85 (CP300): Version V8.80 up to but not including V9.90 Siemens SIPROTEC 5 7SS85 (CP300): Version V8.80 up to but not including V9.90 Siemens SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2): All versions prior t...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Opcenter Intelligence Vulnerabilities: Improper Authentication, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data, Insertion of Sensitive Information into Log File, Server-Side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to change passwords for users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens O...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC PCS neo and TIA Administrator Vulnerability: Insufficient Session Expiration 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIMOCODE ES V19: Versions prior to V19 Update 1 TIA Administrator: Versions 3.0.4 and prior SIMATIC PCS neo V4.1: Versions prior to V4.1 Update 2 SIMATIC P...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Trimble Equipment: Cityworks Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Trimble Cityworks, an asset and work management system, are affected: Cityworks: All versions prior to 23.10 3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 Trimble Cityworks versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server. CVE-2025-0994 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert (PME) Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely execute code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: EcoStruxure Power Monitoring Expert (PME): Versions 2022 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 A deserialization of untrusted data vulnerability exists which could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. CVE-2024-9005 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, C...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability allows for local privilege escalation, which could lead to the execution of a malicious Dynamic-Link Library (DLL). 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Schneider Electric EcoStruxure products and versions, which incorporate Revenera FlexNet Publisher, are affected: EcoStruxure Control Expert: Versions prior to V16.1 EcoStruxure Process Expert: All versions EcoStruxure OPC UA Server Expert: All versions EcoStruxure Control Expert Asset Link: Versions prior to V4.0 SP1 EcoStruxure Machine SCADA Expert Asset Link: All versions EcoStruxure Architecture Builder: Versions prior to V7.0.18 EcoStruxure Operator Terminal Expert: All versions Vijeo Designer: Version prior to V6.3SP1 HF1 EcoStruxure Machine Expert including EcoStruxure Machi...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: Drive Composer Vulnerability: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers unauthorized access to the file system on the host machine. An attacker can exploit this flaw to run malicious code, which could lead to the compromise of the affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports that the following Drive Composer products are affected: Drive Composer entry: Version 2.9.0.1 and prior Drive Composer pro: Version 2.9.0.1 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 A vulnerability in drive composer can allow attackers unauthorized access to the file system on the host machine. An attacker can exploit this flaw to run malicious code, which could ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Western Telematic Inc Equipment: NPS Series, DSM Series, CPM Series Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to gain privileged access to files on the device's filesystem. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Western Telematic Inc products are affected: Network Power Switch (NPS Series): Firmware Version 6.62 and prior Console Server (DSM Series): Firmware Version 6.62 and prior Console Server + PDU Combo Unit (CPM Series): Firmware Version 6.62 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 External Control of File Name or Path CWE-73 Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a Local File Inclusion Attack (LFI), where any authenticated user has privileged access to files on the device's filesystem. CVE-2025-...