us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure IT Gateway Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following versions of EcoStruxure IT Gateway are affected: EcoStruxure IT Gateway: 1.21.0.6 EcoStruxure IT Gateway: 1.22.0.3 EcoStruxure IT Gateway: 1.22.1.5 EcoStruxure IT Gateway: 1.23.0.4 3.2 Vulnerability Overview 3.2.1 MISSING AUTHORIZATION CWE-862 A missing authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. CVE-2024-10575 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculate...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M340, MC80, and Momentum Unity M1E Vulnerabilities: Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to tamper with memory on these devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric Modicon M340, MC80, and Momentum Unity M1E are affected: Modicon M340 CPU (part numbers BMXP34*): Versions prior to SV3.65 Modicon MC80 (part numbers BMKC80)(CVE-2024-8937, CVE-2024-8938): All versions Modicon Momentum Unity M1E Processor (171CBU*)(CVE-2024-8937, CVE-2024-8938): All versions 3.2 Vulnerability Overview 3.2.1 Improper Input Validation CWE-20 An Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M340, MC80, and Momentum Unity M1E Vulnerabilities: Improper Enforcement of Message Integrity During Transmission in a Communication Channel, Authentication Bypass by Spoofing 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve password hashes or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric Modicon M340, MC80, and Momentum Unity M1E are affected: Modicon M340 CPU (part numbers BMXP34*): All versions (CVE-2024-8933) Modicon M340 CPU (part numbers BMXP34*): versions after SV3.60 (CVE-2024-8935) Modicon MC80 (part numbers BMKC80): All versions (CVE-2024-8933) Modicon Momentum Unity M1E Processor (171CBU*): All versions (CVE-2024-8933) 3.2 Vulnerability Overview 3.2.1 Improper Enforcement of Message Integrity During Transmission in a Communi...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic PM5300 Series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the device to become unresponsive resulting in communication loss. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following PowerLogic energy meters are affected: PowerLogic PM5320: Versions 2.3.8 and prior PowerLogic PM5340: Versions 2.3.8 and prior PowerLogic PM5341: Versions 2.6.6 and prior 3.2 Vulnerability Overview 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400 An uncontrolled resource consumption vulnerability exists that could cause Schneider Electric PowerLogic PM5300 Series devices to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. CVE-2024-9409 has been assigned to this vulnerability. A CVSS v3 ba...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerabilities: OS Command Injection, Improper Authentication, Missing Authentication for Critical Function, Path Traversal. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands or disclose sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following mySCADA products are affected: myPRO Manager: Versions prior to 1.3 myPRO Runtime: Versions prior to 9.2.1 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-78 A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. CVE-2024-47407 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series Vulnerability: Improper Validation of Specified Type of Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in Ethernet communication on the module. A system reset of the module is required for recovery. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following versions of MELSEC iQ-F Series Ethernet module and EtherNet/IP module are affected: MELSEC iQ-F Series FX5-ENET: version 1.100 and later MELSEC iQ-F Series FX5-ENET/IP: version 1.100 to 1.104 3.2 Vulnerability Overview 3.2.1 Improper Validation of Specified Type of Input CWE-1287 A denial-of-service vulnerability due to improper validation of a specified type of input exists in MELSEC iQ-F Ethernet Module and EtherNet/IP Module. CVE-2024-8403 has ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Siemens Equipment: SINEC INS Vulnerabilities: Improper Authentication, Out-of-bounds Write, Inefficient Regular Expression Complexity, Excessive Iteration, Reachable Assertion, Uncontrolled Resource Consumption, Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Memory Allocation with Excessive Size Value, Heap-based Buffer Overflow, Missing Encryption of Sensitive Data, Path Traversal, Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthori...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerabilities: Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Out-of-bounds Write, Uncontrolled Resource Consumption, HTTP Request/Response Splitting, Missing Encryption of Sensitive Data, Out-of-bounds Read, Improper Certificate Validation, Missing Release of Resource after Effective Lifetime, Improper Validation of Certificate with Host Mismatch, Allocation of Resources Without Limits or Throttling, Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this could...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: OZW672 and OZW772 Web Server Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: OZW672: versions prior to V5.2 OZW772: versions prior to V5.2 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERA...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: SIPORT Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: Siemens SIPORT: Versions prior to V3.4.0 3.2 Vulnerability Overview 3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 The affected application improperly assigns file permissions to install...