us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vonets Equipment: VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control, Path Traversal, Command Injection, Improper Check or Handling of Exceptional Conditions, Stack Based Buffer Overflow, Direct Request 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or execute arbitrary code on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS At least the following Vonets products are affected: VAR1200-H: Versions 3.3.23.6.9 and prior VAR1200-L: Versions 3.3.23.6.9 and prior VAR600-H: Versions 3.3.23.6.9 and prior VAP11AC: Versions 3.3.23.6.9 and prior VAP11G-500S: Versions 3.3.23.6.9 a...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: exacqVision Web Service Vulnerability: Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform state-changing operations with administrative privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Johnson Controls exacqVision Web Service are affected: exacqVision Web Service: Versions 24.03 and prior 3.2 Vulnerability Overview 3.2.1 CROSS-SITE REQUEST FORGERY (CSRF) CWE-352 In Johnson Controls exacqVision Web Service versions 24.03 and prior, an attacker may be able to perform state-changing operations with administrative privileges. CVE-2024-32863 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturi...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Web Service Vulnerability: Use of GET Request Method With Sensitive Query Strings 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Johnson Controls exacqVision Web Service are affected: exacqVision Web Service: Versions 24.03 and prior 3.2 Vulnerability Overview 3.2.1 USE OF GET REQUEST METHOD WITH SENSITIVE QUERY STRINGS CWE-598 Under certain circumstances exacqVision Web Service versions 24.03 and prior can expose authentication token details within communications. CVE-2024-32931 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Comme...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules Vulnerability: Unprotected Alternate Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute CIP programming and configuration commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules are affected: ControlLogix: Version V28 GuardLogix: Version V31 1756-EN4TR: Version V2 1756-EN2T, Series A/B/C (unsigned version): Version v5.007 1756-EN2F, Series A/B (unsigned version): Version v5.007 1756-EN2TR, Series A/B (unsigned version): Version v5.007 1756-EN3TR, Series B (unsigned version): Version v5.007 1756-EN2T, Series A/B/C (signed version): Version v5.027 1756-EN2F, Series A/B (signed version): Version v5.027 1756-EN2TR, Series A/B (signed version): Version v5.027 1...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: CPCI85 for CP-8031/CP-8050, CPCI85, SICORE Vulnerabilities: Unverified Password Change, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform an unauthorized password reset which could lead to privilege escalation and potential leak of information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens SICAM product versions are affected: CPCI85 Central Processing/Communication: All versions prior to V5.40 SICORE Base system: All versions prior to V1.4....

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Positron S.R.L Equipment: Broadcast Signal Processor TRA7005 Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass authentication and access unauthorized protected areas of the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Positron Broadcast Signal Processor are affected: Broadcast Signal Processor TRA7005: v1.20 3.2 Vulnerability Overview 3.2.1 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288 Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application. CVE-2024-7007 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculate...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 Vulnerabilities: Type Confusion, Use After Free, Double Free, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy AFS/AFR are affected: AFS650: Version 9.1.08 and prior AFS660-C: Version 7.1.05 and prior AFS665-B: Version 7.1.05 and prior AFS670-V2: Version 7.1.05 and prior AFS670: Version 9.1.08 and prior AFS675: Version 9.1.08 and prior AFS677: Version 9.1.08 and prior AFR677: Version 9.1.08 and prior 3.2 Vulnerability Overview 3.2.1 ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843 There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addr...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker to disclose information and execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments LabVIEW products are affected: LabVIEW: Versions 24.1f0 and prior 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS READ CWE-125 LabVIEW is vulnerable to an out-of-bounds read, which could allow a local attacker to execute arbitrary code on affected installations of LabVIEW. User interaction is required to exploit the vulnerabilities in that the user must open a malicious VI file. CVE-2024-4079 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: IO Trace Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments I/O TRACE bundled products are affected: I/O TRACE: All versions 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. User interaction is required to exploit the vulnerability in that the user must open a malicious nitrace file. CVE-2024-5602 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-5602. A base score of 8.4 has been calc...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSOFT MaiLab Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the target product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following versions of MELSOFT MaiLab, a data science tool for manufacturing improvement, are affected: MELSOFT MaiLab SW1DND-MAILAB-M: versions 1.00A to 1.05F MELSOFT MaiLab SW1DND-MAILABPR-M: versions 1.00A to 1.05F 3.2 Vulnerability Overview 3.2.1 Improper Verification of Cryptographic Signature CWE-347 A denial-of-service vulnerability exists in the OpenSSL library used in MELSOFT MaiLab due to improper verification of cryptographic signature resulting from improper implementation of the POLY1305 message authentication code (MAC). CVE-2023-4807 has ...