us-cert

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE and RUGGEDCOM Vulnerabilities: Incorrect Authorization, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to circumvent authorization checks and perform actions that exceed the permissions of the "guest" role. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens RUGGEDCOM RST2428P (6GK6242-6PA00): All versions prior to V3.2 Siemens SCALANCE XCM324 (6GK5324-8TS...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE and RUGGEDCOM Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform actions that exceed the permissions of the "guest" role. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens RUGGEDCOM RST2428P (6GK6242-6PA00): All versions prior to V3.1 Siemens SCALANCE XCM324 (6GK5324-8TS01-2AC2): All versions prior to V3.1 Siemens SCALANCE XCM328 (6GK5328-4TS01-2AC2): All versions prior to V3.1 Siemens SCALANCE X...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Data Archive Vulnerabilities: Uncaught Exception, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could shut down necessary subsystems and cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of PI Data Archive, as delivered by PI Server are affected: PI Data Archive: Versions 2018 SP3 Patch 4 and prior (CVE-2025-44019) PI Data Archive: Version 2023 (CVE-2025-44019, CVE-2025-36539) PI Data Archive: Version 2023 Patch 1 (CVE-2025-44019, CVE-2025-36539) PI Server: Versions 2018 SP3 Patch 6 and prior (CVE-2025-44019) PI Server: Version 2023 (CVE-2025-44019, CVE-2025-36539) PI Server: Version 2023 Patch 1 (CVE-2025-44019, CVE-2025-36539) 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCAUGHT EXCEPTION CWE-248 The affected products are vulnerable to an uncaught exception that, if explo...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Energy Services Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain remote control of the G5DFR component and tamper outputs from the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Energy Services: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT DEFAULT PERMISSIONS CWE-276 Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: Relion 670, 650, SAM600-IO Series Vulnerability: Observable Discrepancy 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to decrypt application data in transit. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: Relion 670: Version 2.2.0 Relion 670: Version 2.2.1 Relion 650: Version 2.2.0 Relion 650: Version 2.2.1 Relion 670: Versions 2.2.2.0 through 2.2.2.5 Relion 670: Versions 2.2.3.0 through 2.2.3.6 Relion 670: Versions 2.2.4.0 through 2.2.4.3 Relion 650: Versions 2.2.4.0 through 2.2.4.3 Relion 670: Versions 2.2.5.0 through 2.2.5.5 Relion 650: Versions 2.2.5.0 through 2.2.5.5 SAM600-IO: Version 2.2.1 SAM600-IO: Versions from 2.2.5.0 up to but not including, 2.2.5.5 3.2 VULNERABILITY OVERVIEW 3.2.1 OBSERVABLE DISCREPANCY CWE-203 A timing-based side channel exists in the OpenSSL RSA...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: SinoTrack Equipment: All Known SinoTrack Devices Vulnerabilities: Weak Authentication, Observable Response Discrepency 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface. Access to the device profile may allow an attacker to perform some remote functions on connected vehicles such as tracking the vehicle location and disconnecting power to the fuel pump where supported. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following SinoTrack products are affected: SinoTrack IOT PC Platform: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 WEAK AUTHENTICATION CWE-1390 A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default passwor...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670, Relion 650, SAM600-IO Vulnerabilities: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption on the products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: Relion 670/650/SAM600-IO series: Version 2.2.5 revisions up to 2.2.5.1 Relion 670/650 series: Version 2.2.4 revisions up to 2.2.4.2 Relion 670 series: Version 2.2.3 revisions up to 2.2.3.4 Relion 670 series: Version 2.2.2 revisions up to 2.2.2.4 Relion 670/650/SAM600-IO series: Version 2.2.1 revisions up to 2.2.1.7 Relion 670/650 series version 2.2.0: All revisions Relion 670/650 series version 2.1: All revisions Relion 670 series version 2.0: All revisions Relion 670 series version 1.2: All revisions Relion 670 series version 1.1: All r...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: CyberData Equipment: 011209 SIP Emergency Intercom Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, SQL Injection, Insufficiently Protected Credentials, Path Traversal: '.../...//' 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or achieve code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following CyberData products are affected: 011209 SIP Emergency Intercom: Versions prior to 22.0.1 3.2 VULNERABILITY OVERVIEW 3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path. CVE-2025-30184 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calcu...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.6 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Build Rapsody Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Schneider Electric product is affected: EcoStruxure Power Build Rapsody: v2.7.12 FR and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file (SSD file) provided by the attacker. CVE-2025-3916 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L). A CVSS v4 score has also been...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Wiser AvatarOn 6K Freelocate, Wiser Cuadro H 5P Socket Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject code or bypass authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Schneider Electric products are affected: Wiser AvatarOn 6K Freelocate: All versions Wiser Cuadro H 5P Socket: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass. This issue affects "Standalon...