Source
us-cert
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: LOGO! 8 BM Devices Vulnerabilities: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code remotely, put the device into a denial-of-service state, or change the behavior of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: LOGO! 12/24RCE (6ED1052-1MD08-0BA2): All versions SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2): All versi...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Spectrum Power 4 Vulnerabilities: Incorrect Use of Privileged APIs, Incorrect Privilege Assignment, Incorrect Permission Assignment for Critical Resource, Inclusion of Functionality from Untrusted Control Sphere 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely execute code as application administrator or locally execute code as operating system administrator. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Spectrum Power 4: Versions prior to V4.70 S...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Incomplete List of Disallowed Inputs, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or lead to data infiltration. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens COMOS with COMOS Web deployed: Versions prior to 10.4.5 (CVE-2023-45133) Siemens COMOS that use COMOS Snapshots component: Versions prior to 10.4.5 (CVE-2024-0056) 3.2 VULNERABILITY OVERVIEW 3.2....
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM P850 family and SICAM P855 family Vulnerabilities: Cross-Site Request Forgery (CSRF), Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform arbitrary actions on the device on behalf of a legitimate user, or impersonate that user. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SICAM P850 (7KG8500-0AA00-0AA0): Versions prior to 3.11 SICAM P850 (7KG8501-0AA02-2AA0): Versions prior to 3.11 SICAM P85...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Studio 5000 Simulation Interface Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to trigger outbound SMB requests to capture NTLM hashes and execute scripts with Administrator privileges upon system reboot. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation Studio 5000 Simulation Interface are affected: Studio 5000 Simulation Interface: Version 2.02 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 A local code execution security issue exists within Studio 5000 Simulation Interface via the API. This vulnerability allows any Windows user on the system to extract files using path traversal...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.2 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Application Server IDE Vulnerability: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to tamper with help files and inject cross-site scripting (XSS) code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AVEVA Application Server are affected: Application Server: Versions 2023 R2 SP1 P02 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SCRIPT-RELATED HTML TAGS IN A WEB PAGE (BASIC XSS) CWE-80 The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that when executed by a victim user, can result in horizontal or vertical escalation of privileges. The vulnerability can only be exploited durin...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Edge Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to reverse engineer passwords through brute force. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AVEVA Edge (formerly InduSoft Web Studio), a HMI/SCADA software, are affected: Edge: Versions 2023 R2 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327 The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes. CVE-2025-9317 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series Vulnerability: Improper Validation of Specified Quantity in Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric MELSEC iQ-F Series are affected: FX5U-32MT/ES: All versions FX5U-32MT/DS: All versions FX5U-32MT/ESS: All versions FX5U-32MT/DSS: All versions FX5U-64MT/ES: All versions FX5U-64MT/DS: All versions FX5U-64MT/ESS: All versions FX5U-64MT/DSS: All versions FX5U-80MT/ES: All versions FX5U-80MT/DS: All versions FX5U-80MT/ESS: All versions FX5U-80MT/DSS: All versions FX5U-32MR/ES: All versions FX5U-32MR/DS: All versions FX5U-64MR/ES: All versions FX5U-64MR/DS: All versions FX5U-80MR/ES: All versions FX5U-80MR/DS: All versions FX5UC-32MT/D: All ver...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: General Industrial Controls Equipment: Lynx+ Gateway Vulnerabilities: Weak Password Requirements, Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in obtaining sensitive device information, unauthorized access, or create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Lynx+ Gateway are affected: Lynx+ Gateway: Version R08 Lynx+ Gateway: Version V03 Lynx+ Gateway: Version V05 Lynx+ Gateway: Version V18 3.2 VULNERABILITY OVERVIEW 3.2.1 WEAK PASSWORD REQUIREMENTS CWE-521 The affected product is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login. CVE-2025-55034 has been assigned to this vulnerability. A C...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Software Center and Solid Edge Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Software Center and Solid Edge are affected: Siemens Software Center: All versions prior to 3.5 Solid Edge SE2025: All versions prior to V225.0 Update 10 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 The affected application is vulnerabl...