us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Creo Elements/Direct License Server Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote attackers to execute arbitrary OS commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS PTC reports that the following versions of Creo Elements/Direct License Server are affected; note that this vulnerability does not impact "Creo License server": Creo Elements/Direct License Server: Version 20.7.0.0 and prior 3.2 Vulnerability Overview 3.2.1 Missing Authorization CWE-122 Creo Elements Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server. CVE-2024-6071 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Yokogawa Equipment: CENTUM Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary programs. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Yokogawa CENTUM, a distributed control system (DCS), are affected: CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class): Version R3.08.10 to R3.09.50 CENTUM VP (Including CENTUM VP Entry Class): Version R4.01.00 to R4.03.00 CENTUM VP (Including CENTUM VP Entry Class): Version R5.01.00 to R5.04.20 CENTUM VP (Including CENTUM VP Entry Class): Version R6.01.00 to R6.11.10 3.2 Vulnerability Overview 3.2.1 Improper Access Control CWE-284 If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to execute ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: CAREL Equipment: Boss-Mini Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate an argument path, which would lead to information disclosure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of CAREL Boss-Mini, a local supervisor solution, are affected: Boss-Mini: Version 1.4.0 (Build 6221) 3.2 Vulnerability Overview Under certain conditions, a malicious actor already present in the same network segment of the affected product, could abuse Local File Inclusion (LFI) techniques to access unauthorized file system resources, such as configuration files, password files, system logs, or other sensitive data. This could expose confidential information and potentially lead to further threats. CVE-2023-3643 has been assigned to this vulnerability. A CVSS v3.1 base s...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: L210-F2G Lynx Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Control of Interaction Frequency 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed or may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Westermo L210-F2G industrial ethernet switches are affected: L210-F2G Lynx: version 4.21.0 3.2 Vulnerability Overview 3.2.1 Cleartext Transmission of Sensitive Information CWE-319 Plain text credentials and session ID can be captured with a network sniffer. CVE-2024-37183 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2024-37183. A base score of 6.9 has been calculated; the CVSS v...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: RAD Data Communications Equipment: SecFlow-2 Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain files from the operating system by crafting a special request. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following RAD Data Communications products are affected: SecFlow-2: All versions 3.2 Vulnerability Overview 3.2.1 PATH TRAVERSAL: '..\FILENAME' CWE-29 RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow. CVE-2019-6268 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2019-6268. A base score of 8.7 has...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: ST7 ScadaConnect Vulnerabilities: Integer Overflow or Wraparound, Double Free, Improper Certificate Validation, Inefficient Regular Expression Complexity, Improper Check for Unusual or Exceptional Conditions, Improper Input Validation, NULL Pointer Dereference, Missing Encryption of Sensitive Data, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information, cause a denial-of-service (DoS) cond...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SITOP UPS1600 10 A Ethernet/ PROFINET (6EP4134-3AB00-2AY0), SITOP UPS1600 20 A Ethernet/ PROFINET (6EP4136-3AB00-2AY0), SITOP UPS1600 40 A Ethernet/ PROFINET (6EP4137-3AB00-2AY0), SITOP UPS1600 EX 20 A Ethernet PROFINET (6EP4136-3AC00-2AY0) Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause limited impact in the affected systems. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SITOP UPS1600, an uninterruptible power supply, are affected: SITOP UPS1600 10 A Ether...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: TIA Administrator Vulnerability: Creation of Temporary File in Directory with Insecure Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disrupt the update process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens TIA Administrator, a web-based framework, are affected: TIA Administrator: All versions prior to V3 SP2 3.2 Vulnerability Overview 3.2.1 CREATION OF TEMPORARY FILE IN DIRECTORY WITH INSECURE PERMISSIONS CWE-379 The affected component creates temporary download files in a directory wit...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Applications Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation requires to guess the identification of a target role which contains the elevated access rights. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products, are affected: Siemens Mendix Applications using Mendix 9: Versions prior to V9.24.22 and after V9.3.0 Siemens Mendix Applications using Mendix 10: Versions prior to V10.11.0 Siemens Mendix Applications using Mendix 10 (V10.6): Versions prior V10.6.9 3.2 Vulnerability Overview 3.2.1 IMPROPER PRIVILEGE ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-200 SMART devices Vulnerability: Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens programmable logic controllers are affected: Siemens SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0): All versions Siemens SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0): All versions Siemens SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0): All versions Siemens SIMATIC S7-20...