us-cert

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: SIMATIC, OpenPCS Vulnerabilities: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a persistent denial-of-service condition in the RPC Server of these products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: OpenPCS 7 V9.1: All versions SIMATIC BATCH V9.1: All versions SIMATIC PCS 7 V9.1: All versions SIMATIC Route Control V9.1: All versions SIMATIC WinCC Runtime Professional V18: All versions SIMATIC WinCC Runtime Profes...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Safety CPU and SIL2 Process CPU Module Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than themselves. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following MELSEC iQ-R Series products are affected: MELSEC iQ-R Series Safety CPU R08SFCPU: All versions MELSEC iQ-R Series Safety CPU R16SFCPU: All versions MELSEC iQ-R Series Safety CPU R32SFCPU: All versions MELSEC iQ-R Series Safety CPU R120SFCPU: All versions MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU: All versions MELSEC iQ-R Series SIL2 Process CPU R16PSFCPU: All versions MELSEC iQ-R Series SIL2 Process CPU R32PSFCPU: All versions MELSEC iQ-R Series SIL2 Proce...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Qolsys, Inc. Equipment: IQ Panel 4, IQ4 Hub Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the panel software, under certain circumstances, to provide unauthorized access to settings. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Qolsys, Inc, a subsidiary of Johnson Controls, are affected: Qolsys IQ Panel 4: Versions prior to 4.4.2 Qolsys IQ4 Hub: Versions prior to 4.4.2 3.2 Vulnerability Overview 3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200 In Qolsys IQ Panel 4 and IQ4 Hub versions prior to 4.4.2, panel software, under certain circumstances, could allow unauthorized access to settings. CVE-2024-0242 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.3 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: HID Global Equipment: Reader Configuration Cards Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read the credential and device administration keys from a configuration card. Those keys could be used to create malicious configuration cards or credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following HID products are affected: HID iCLASS SE reader configuration cards: All versions OMNIKEY Secure Elements reader configuration cards: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER AUTHORIZATION CWE-285 Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys. CVE-2024-23806 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable locally Vendor: HID Global Equipment: iCLASS SE, OMNIKEY Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read data from reader configuration cards and credentials. Reader configuration cards contain credential and device administration keys which could be used to create malicious configuration cards or credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following HID products are affected when configured as an encoder: iCLASS SE CP1000 Encoder: All versions iCLASS SE Readers: All versions iCLASS SE Reader Modules: All versions iCLASS SE Processors: All versions OMNIKEY 5427CK Readers: All versions OMNIKEY 5127CK Readers: All versions OMNIKEY 5023 Readers: All versions OMNIKEY 5027 Readers: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER AUTHORIZATION CWE-285 Certain configuration available in the communication channel for enc...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: AVEVA Edge products (formerly known as InduSoft Web Studio) Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following AVEVA Edge products (formerly known as InduSoft Web Studio) are affected: AVEVA Edge: 2020 R2 SP2 and prior 3.2 Vulnerability Overview 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL. CVE-2023-6132 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable Remotely/Low attack complexity Vendor: Gessler GmbH Equipment: WEB-MASTER Vulnerabilities: Use of Weak Credentials, Use of Weak Hash 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a user to take control of the web management of the device. An attacker with access to the device could also extract and break the password hashes for all users stored on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Gessler GmbH WEB-MASTER, an emergency lighting management system, are affected: WEB-MASTER: version 7.9 3.2 Vulnerability Overview 3.2.1 USE OF WEAK CREDENTIALS CWE-1391 Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device. CVE-2024-1039 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector s...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Hitron Systems Equipment: DVR Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to affect the availability of the product through exploitation of an improper input validation vulnerability and default credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitron Systems DVR, a digital video recorder, are affected: DVR HVR-4781: Versions 1.03 through 4.02 DVR HVR-8781: Versions 1.03 through 4.02 DVR HVR-16781: Versions 1.03 through 4.02 DVR LGUVR-4H: Versions 1.02 through 4.02 DVR LGUVR-8H: Versions 1.02 through 4.02 DVR LGUVR-16H: Versions 1.02 through 4.02 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 An improper input validation vulnerability exists in Hitron Systems DVR HVR-4781 versions 1.03 thro...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: LP30, LP40, LP50, and BM40 Operator Panels Vulnerability: Improper Validation of Consistency within Input, Out-of-bounds Write, Stack-based Buffer Overflow, Untrusted Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to use specifically crafted communication requests to perform a denial-of-service condition, memory overwriting, or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: LP30 Operator Panel: Versions prior to V3.5.19.0 LP40 Operator Pane: Versions prior to V3.5.19.0 LP50 Operator Panel: Versions prior to V3.5.19.0 BM40 Operator Panel: Versions prior to V3.5.19.0 3.2 Vulnerability Overview 3.2.1 IMPROPER VALIDATION OF CONSISTENCY WITHIN INPUT CWE-1288 After successful authentication, specifically c...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: EZSocket, FR Configurator2, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, MX OPC Server DA/UA (Software packaged with MC Works64) Vulnerabilities: Missing Authentication for Critical Function, Unsafe Reflection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service (DoS) condition on the products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric FA Engineering Software Products, are affected: EZSocket: Versions 3.0 and later FR Configurator2: All versions GT Designer3 Version1(GOT1000): All versions GT Designer3 Version1(GOT2000): All versions GX Works2: Versions 1.11M and later GX Works3: All ...