us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Verve Asset Manager Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Verve Asset Manager are affected: Verve Asset Manager: Versions 1.39 and prior 3.2 Vulnerability Overview 3.2.1 DEPENDENCY ON VULNERABLE THIRD-PARTY COMPONENT CWE-1395 Verve Asset Manager utilizes Kibana, which contains a remote code execution vulnerability that allows an attacker with access to ML and alerting connecting features as well as write access to internal ML to trigger a prototype pollution vulnerability, which can ultimately lead to arbitrary code execution. The code execution is limited to the container. CVE-2024-37287 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Runtime Vulnerability: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote attackers to circumvent default account lockout measures. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mendix Runtime are affected: Mendix Runtime: V8 Mendix Runtime: V9 Mendix Runtime: V10 Mendix Runtime: V10.6 Mendix Runtime: V10.12 3.2 Vulnerability Overview 3.2.1 CONCURRENT EXECUTION USING SHARED RESOURCE WITH...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CP Vulnerability: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to gain access to the filesystem. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of SIMATIC CP is affected: SIMATIC CP1543-1: V4.0 (6GK7543-1AX10-0XE0) 3.2 Vulnerability Overview 3.2.1 INCORRECT AUTHORIZATION CWE-863 Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem. CVE-2024-50310 has been assign...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: TRO600 Series Vulnerabilities: Command Injection, Improper Removal of Sensitive Information Before Storage or Transfer 2. RISK EVALUATION Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensively than the write privilege intends. Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with write access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Hitachi Energy are affected: Hitachi Energy TRO600 series firmware versions...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View ME Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local low-privileged user to escalate their privileges by changing the macro to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the following versions of FactoryTalk Software are affected: FactoryTalk View ME, when using default folder privileges: v14.0 and prior 3.2 Vulnerability Overview 3.2.1 Improper Input Validation CWE-20 A remote code execution vulnerability exists in FactoryTalk View ME. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Subnet Solutions Equipment: PowerSYSTEM Center Vulnerabilities: Improper Restriction of XML External Entity Reference, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause an integer overflow on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SUBNET PowerSYSTEM Center, an OT device management platform, are affected: PowerSYSTEM Center PSC 2020: v5.22.x and prior 3.2 Vulnerability Overview 3.2.1 Improper Restriction of XML External Entity Reference CWE-611 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. CVE-2024-45490 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.2 Integer Overflow or ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bosch Rexroth Equipment: IndraDrive Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service, rendering the device unresponsive by sending arbitrary UDP messages. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Bosch Rexroth reports that the following versions of IndraDrive, servo drive system, are affected: Bosch Rexroth AG IndraDrive FWA-INDRV*-MP*: 17VRS < 20V36 3.2 Vulnerability Overview 3.2.1 Uncontrolled Resource Consumption CWE-400 A vulnerability in the PROFINET stack implementation of the IndraDrive of Bosch Rexroth allows an attacker to cause a denial-of-service, rendering the device unresponsive by sending arbitrary UDP messages. CVE-2024-48989 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3....

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of DIAScreen, which is a component of Delta's DIAStudio Smart Machine Suite integrated engineering software package, are affected: DIAScreen: versions prior to v1.5.0 3.2 Vulnerability Overview 3.2.1 Stack-based Buffer Overflow CWE-121 If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code. CVE-2024-47131 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low Attack Complexity Vendor: Beckhoff Automation Equipment: TwinCAT Package Manager Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation this vulnerability could allow a local attacker with administrative access rights to execute arbitrary OS commands on the affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Beckhoff Automation products are affected: TwinCAT Package Manager: Versions prior to 1.0.603.0 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 A local user with administrative access rights can enter specially crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be executed. CVE-2024-8934 has been assigned to this vulnerability. A CVSS v3 base score of 6...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk ThinManager Vulnerabilities: Missing Authentication For Critical Function, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to send crafted messages to the device resulting in database manipulation or a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation FactoryTalk product versions are affected: ThinManager: Versions 11.2.0 to 11.2.9 ThinManager: Versions 12.0.0 to 12.0.7 ThinManager: Versions 12.1.0 to 12.1.8 ThinManager: Versions 13.0.0 to 13.0.5 ThinManager: Versions 13.1.0 to 13.1.3 ThinManager: Versions 13.2.0 to 13.2.2 ThinManager: Version 14.0.0 3.2 Vulnerability Overview 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 An authentication vulnerability exists in the affected product. The vulnerability could al...