us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion 8 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create new users and view sensitive data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation Pavilion 8, a Model Predictive Control (MPC) solution, are affected: Pavilion 8: Versions 5.15.00 to 5.20.00 3.2 Vulnerability Overview 3.2.1 Incorrect Permission Assignment for Critical Resource CWE-732 A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data and create users. For example, a malicious user with basic privileges could perfo...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to execute arbitrary code with root privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens are affected: SINEMA Remote Connect Server: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77 Affected applications are vulnerable to command injection due to missing server side ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Siemens Equipment: TIA Portal and SIMATIC STEP 7 Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Totally Integrated Automation Portal (TIA Portal): All versions Totally Integrated Automation Portal (TIA Portal) V18: All versions SIMATIC STEP 7 Safety V18: All versions 3.2 Vulnerability Overview 3.2.1 DESERIALIZATION OF UNTRUSTED DA...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated local attacker to execute arbitrary code with system privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following versions of SINEMA Remote Connect management platform are affected: SINEMA Remote Connect Client: versions prior to V3.2 HF1 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77 The syst...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The vulnerabilities exist in the following versions of ThinManger ThinServer: ThinManager ThinServer: Versions 11.1.0, 11.2.0, 12.0.0, 12.1.0, 13.0.0, 13.1.0, 13.2.0 (CVE-2024-5988, CVE-2024-5989) ThinManager ThinServer: Versions 11.1.0, 11.2.0, 12.0.0, 12.1.0, 13.0.0, 13.1.0 (CVE-2024-5990) 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the affected device. CVE-2024-5988 has been assigned t...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC, SIMIT Vulnerability: Improperly Controlled Sequential Memory Allocation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a high load situation, memory exhaustion, and may block the server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SIMATIC Energy Manager Basic: Versions prior to V7.5 SIMATIC Energy Manager PRO: Versions prior to V7.5 SIMATIC IPC DiagBase: All versions SIMATIC IPC DiagMonitor: All versions SIMIT V10: All versions SIMIT V11: Versions p...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT Open and PLM XML SDK Vulnerabilities: NULL Pointer Dereference, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could could cause the application to crash or potentially lead to arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens are affected: JT Open: All versions PLM XML SDK: All versions 3.2 Vulnerability Overview 3.2.1 NULL POINTER DEREFERENCE CWE-476 The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An a...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE 1808 Vulnerabilities: Stack-based Buffer Overflow, Use of Password Hash With Insufficient Computational Effort, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute unauthorized code or commands via specially crafted CLI commands and access to decrypting the CLI backup file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Siemens RUGGEDCOM APE1808: All versions with Fortinet NGFW 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFF...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE, RUGGEDCOM, SIPLUS, and SINEC Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow on-path attackers to gain access to the network with the attackers desired authorization without needing legitimate credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: RUGGEDCOM CROSSBOW: All versions RUGGEDCOM i800: All versions RUGGEDCOM i800NC: All versions RUGGEDCOM i801: All versions RUGGEDCOM i801NC: Al...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Teamcenter Visualization, JT2Go Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Siemens JT2Go: Versions prior to v14.3.0.8 Siemens Teamcenter Visualization V14.1: Versions prior to v14.1.0.14 Siemens Teamcenter Visualization V14.2: Versions prior to v14.2.0.10 Siemens Teamcenter Visualization V14.3: Versions prior to v14.3.0.8 Siemens Teamcenter Visualizatio...