us-cert

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: NX Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the application or execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens NX, an integrated toolset, are affected: NX: All versions prior to V2406.3000 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS READ CWE-125 The affected applications contain an out-of-bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the appli...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: Historian Server Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to get read and write access to the database. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AVEVA Historian Server, a Process database, are affected: Historian Server: Version 2023 R2 Historian Server: Versions 2023 to 2023 P03 Historian Server: Versions 2020 to 2020 R2 SP1 P01 3.2 Vulnerability Overview 3.2.1 CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL. CVE-2024-6456 has been assigned to this vulne...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable from adjacent network. Vendor: PTC Equipment: Kepware ThingWorx Kepware Server Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the target device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS PTC reports that the following products and versions are affected: PTC Kepware ThingWorx Kepware Server: V6 PTC Kepware KEPServerEX: V6 Software Toolbox TOP Server: V6 GE IGS: V7.6x 3.2 Vulnerability Overview 3.2.1 Allocation of Resources Without Limits or Throttling CWE-770 When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: DataMosaix Private Cloud Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to generate cookies for a user ID without the use of a username or password, resulting in the malicious actor to take over the account. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation's DataMosaix Private Cloud are affected: DataMosaix Private Cloud: Versions prior to 7.07 3.2 Vulnerability Overview 3.2.1 IMPROPER AUTHENTICATION CWE-287 An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or password. If exploited, a malicious user could take over the account of a legitimate user. The malicious user would be able to view and modify data stored...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: AADvance Standalone OPC-DA Server Vulnerabilities: Improper Input Validation, Use of Externally Controlled Format String 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code in the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation AADvance Standalone OPC-DA Server are affected: AADvance Standalone OPC-DA Server: Versions v2.01.510 and later 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 An arbitrary code execution vulnerability exists in the affected product. The log4net config file does not disable XML external entities. CVE-2018-1285 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.2 USE OF EXTERNALLY ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix 5380, ControlLogix 5580, GuardLogix 5580, Compact GuardLogix 5380, CompactLogix 5480 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: CompactLogix 5380 (5069 - L3z): Versions prior to v36.011, v35.013, v34.014 CompactLogix 5480 (5069 - L4): Versions prior to v36.011, v35.013, v34.014 ControlLogix 5580 (1756 - L8z): Versions prior to v36.011, v35.013, v34.014 GuardLogix 5580 (1756 - L8z): Versions prior to v36.011, v35.013, v34.014 Compact GuardLogix 5380 (5069 - L3zS2): Versions prior to v36.011, v35.013, v34.014 3.2 Vulnerability Overview 3.2.1 Improper Input Validation CWE-20 A denial-of-service vulnerability exists in the affected products. A m...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow and attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: CompactLogix 5380 (5069 - L3z): Versions prior to v36.011, v35.013, v34.014 CompactLogix 5480 (5069 - L4): Versions prior to v36.011, v35.013, v34.014 ControlLogix 5580 (1756 - L8z): Versions prior to v36.011, v35.013, v34.014 GuardLogix 5580 (1756 - L8z): Versions prior to v36.011, v35.013, v34.014 Compact GuardLogix 5380 (5069 - L3zS2): Versions prior to v36.011, v35.013, v34.014 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 A denial-of-service vulnerability exists in the affected products. This v...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: SuiteLink Server Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause the server to consume excessive system resources, preventing processing of SuiteLink messages on the targeted host. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following AVEVA products with AVEVA SuiteLink Server installed, are affected: SuiteLink: Versions 3.7.0 and prior Historian: Versions 2023 R2 P01 and prior InTouch: Versions 2023 R2 P01 and prior Application Server: Versions 2023 R2 P01 and prior Communication Drivers Pack: Versions 2023 R2 and prior Batch Management: Versions 2023 and prior 3.2 Vulnerability Overview 3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770 If exploited, this vulnerability could cause a SuiteLink server to consume excessive system re...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion8 Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to view sensitive data due to a lack of encryption. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions Rockwell Automation Pavilion8, a model predictive control software, are affected: Pavilion8: Versions v5.20 and later 3.2 Vulnerability Overview 3.2.1 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality. CVE-2024-40620 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.4 has been calc...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Micro850/870 Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability may cause CIP/Modbus communication to be disrupted for short duration. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the following versions of Micro850/870 programmable controllers are affected: PLC - Micro850/870 (2080 -L50E/2080 -L70E): versions prior to v22.011 3.2 Vulnerability Overview 3.2.1 Uncontrolled Resource Consumption CWE-400 A denial-of-service vulnerability exists via the CIP/Modbus port in Micro850/870. If exploited, the CIP/Modbus communication may be disrupted for short duration. CVE-2024-7567 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). A CVSS v4 score has also ...