us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Improper Control of Generation of Code ('Code Injection') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to system configuration files and execute DLLs with elevated privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation Factory Talk are affected: FactoryTalk: All versions prior to 15.0 FactoryTalk View SE: All versions prior to 15.0 3.2 VULNERABILITY OVERVIEW 3.2.1 Incorrect Permission Assignment for Critical Resource CWE-732 An incorrect permission assignment vulnerability exists in Rockwell Automation FactoryTalk products on all versions prior to Version 15.0. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow fo...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Vulnerabilities: Incorrect Authorization, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code on the device with elevated privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation FactoryTalk View ME are affected: FactoryTalk View ME: All versions prior to 15.0 3.2 VULNERABILITY OVERVIEW 3.2.1 Incorrect Authorization CWE-863 A local code execution vulnerability exists in in Rockwell Automation FactoryTalk products on all versions prior to version 15.0. The vulnerability is due to a default setting in Windows and allows access to the command prompt as a higher privileged user. CVE-2025-24479 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.4 has been calcu...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Power Logic Vulnerabilities: Authorization Bypass Through User-Controlled Key, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify data or cause a denial-of-service condition on web interface functionality. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric Power Logic: v0.62.7 (CVE-2024-10497) Schneider Electric Power Logic: v0.62.7 and prior (CVE-2024-10498) 3.2 VULNERABILITY OVERVIEW 3.2.1 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639 An authorization bypass through user-controlled key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the att...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: DataMosaix Private Cloud Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of these vulnerabilities could overwrite reports, including user projects. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following versions of DataMosaix Private Cloud are affected: DataEdgePlatform DataMosaix Private Cloud: Version 7.11 and prior (CVE-2025-0659) DataEdgePlatform DataMosaix Private Cloud: Versions 7.09 and prior (CVE-2020-11656) 3.2 VULNERABILITY OVERVIEW 3.2.1 Exposure of Sensitive Information to an Unauthorized Actor CWE-200 A path traversal vulnerability exists in DataMosaix Private Cloud. By specifying the character sequence in the body of the vulnerable endpoint, it is possible to overwrite files outside of the in...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Electric RemoteConnect and SCADAPack x70 Utilities Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality, integrity, and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: RemoteConnect: All versions SCADAPackTM x70 Utilities: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 A deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity, and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. CVE-2024-12703 has been assigned to this vulnerability. A CVSS v3 ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: B&R Equipment: Automation Runtime Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to masquerade as legitimate services on impacted devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS B&R reports that the following products are affected: B&R Automation Runtime: versions prior to 6.1 B&R mapp View: versions prior to 6.1 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327 A "Use of a Broken or Risky Cryptographic Algorithm" vulnerability in the SSL/TLS component used in B&R Automation Runtime versions <6.1 and B&R mapp View versions <6.1 may be abused by unauthenticated network-based attackers to masquerade as legitimate services on impacted devices. CVE-2024-8603 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assi...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: HMS Networks Equipment: Ewon Flexy 202 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive user credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following HMS Networks products are affected: Ewon Flexy 202: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 Cleartext Transmission of Sensitive Information CWE-319 EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage. CVE-2025-0432 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2025-0432. A base score of 6.9 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:N/PR:N/UI:P/VC:H...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.6 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Build Rapsody Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to potentially execute arbitrary code when opening a malicious project file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following versions of EcoStruxure Power Build, a configuration program for panel builders, are affected: EcoStruxure Power Build Rapsody: Version v2.5.2 NL and prior EcoStruxure Power Build Rapsody: Version v2.7.1 FR and prior EcoStruxure Power Build Rapsody: Version v2.7.5 ES and prior EcoStruxure Power Build Rapsody: Version v2.5.4 INT and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119 An improper restriction of operations within the bounds of a...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series products Vulnerability: Improperly Implemented Security Check for Standard 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to update the RTU500 with unsigned firmware. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following RTU500 series products are affected: RTU500 series CMU Firmware: Version 13.5.1 up to and including 13.5.3 RTU500 series CMU Firmware: Version 13.4.1 up to and including 13.4.4 RTU500 series CMU Firmware: Version 13.2.1 up to and including 13.2.7 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPERLY IMPLEMENTED SECURITY CHECK FOR STANDARD CWE-358 A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary commands or disclose sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following mySCADA products are affected: myPRO Manager: Versions prior to 1.3 myPRO Runtime: Versions prior to 9.2.1 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-78 mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. CVE-2025-20061 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has be...