Source
us-cert
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Simcenter Nastran Vulnerabilities: Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following versions of Simcenter Nastran finite element method (FEM) solver are affected: Simcenter Nastran 2306: All versions Simcenter Nastran 2312: All versions Simcenter Nastran 2406: Versions prior to V2406.5000 3.2 Vulnerabili...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Heap-Based Buffer Overflow, Out-of-bounds Read, Use of Uninitialized Variable 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code remotely. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics CNCSoft-G2, a Human-Machine Interface (HMI) software, are affected: CNCSoft-G2: Version 2.1.0.10 3.2 Vulnerability Overview 3.2.1 Stack-based Buffer Overflow CWE-121 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. CVE-2024-47962 has been assigned to this vulnerability....
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 and S7-1200 CPUs Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to make the web server of affected devices redirect a legitimate user to an attacker-chosen URL. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following SIMATIC S7-1500 and S7-1200 CPUs are affected: SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): versions prior to V3.1.4 SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): versions prior to V3.1.4 SIMATIC ET 200SP ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SENTRON 7KM PAC3200 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access clear text communication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SENTRON PAC3200 devices are affected: SENTRON 7KM PAC3200: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER AUTHENTICATION CWE-287 Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface coul...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT2Go Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens JT2Go, a 3D viewing tool, are affected: JT2Go: All versions prior to V2406.0003 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow ...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: TEM Equipment: Opera Plus FM Family Transmitter Vulnerabilities: Missing Authentication for Critical Function, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of TEM Opera Plus FM Family Transmitter, a FM Transmitter, are affected: Opera Plus FM Family Transmitter: Version 35.45 3.2 Vulnerability Overview 3.2.1 Missing Authentication for Critical Function CWE-306 TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-on...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Server-Side Request Forgery (SSRF), Inefficient Regular Expression Complexity, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker bypassing a proxy, creating a denial-of-service condition, or viewing sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of PowerSYSTEM Center are affected: PowerSYSTEM Center: PSC 2020 v5.21.x and prior 3.2 Vulnerability Overview 3.2.1 SERVER-SIDE REQUEST FORGERY (SSRF) CWE-918 Vulnerable versions of PowerSYSTEM Center utilize Axios NPM package 0.21.0, which contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. CVE-2020-28168 has been assi...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve records or cause a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics DIAEnergie, an industrial energy management system, are affected: DIAEnergie: Versions v1.10.01.008 and prior. 3.2 Vulnerability Overview 3.2.1 SQL Injection CWE-89 Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product. CVE-2024-43699 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculat...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Optigo Networks Equipment: ONS-S8 - Spectra Aggregation Switch Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Weak Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution, arbitrary file upload, or bypass authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ONS-S8 - Spectra Aggregation Switch, an OT network management device, are affected: ONS-S8 - Spectra Aggregation Switch: 1.3.7 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER CONTROL OF FILENAME FOR INCLUDE/REQUIRE STATEMENT IN PHP PROGRAM ('PHP REMOTE FILE INCLUSION') CWE-98 The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, b...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F FX5-OPC Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a Denial-of-Service (DoS) condition on the product by getting a legitimate user to import a specially crafted PKCS#12 format certificate. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Mitsubishi Electric products are affected: MELSEC iQ-F FX5-OPC: All versions 3.2 Vulnerability Overview 3.2.1 NULL POINTER DEREFERENCE CWE-476 A Denial-of-Service (DoS) vulnerability due to NULL Pointer Dereference when processing PKCS#12 format certificate exists in OpenSSL installed on MELSEC iQ-F OPC UA Unit. Because OpenSSL does not correctly check if a certain field in the PKCS#12 format certificate is NULL, a NULL pointer dereference occurs when the field is NULL, causing the product to enter a...