us-cert

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: SIMATIC Field PG and SIMATIC IPC Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated local user to potentially read other users' data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SIMATIC Field PG M6: All Versions SIMATIC IPC BX-39A: All Versions SIMATIC IPC PX-39A: All Versions SIMATIC IPC PX-39A PRO: All Versions SIMATIC IPC RW-543A: All Versions SIMATIC IPC627E: All Versions SIMATIC IPC647E: All Versions SIMATIC...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Product Family Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Buffer Underflow, Classic Buffer Overflow, Time-of-check Time-of-use Race Condition, Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Improper Input Validation, Missing Release of Memory after Effective Lifetime, Improperly Implemented Security Check for Standard, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities on affected products could lead to inform...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: QMS Automotive Vulnerabilities: Plaintext Storage of a Password, Cleartext Storage of Sensitive Information in Memory, Generation of Error Message Containing Sensitive Information, Server-generated Error Message Containing Sensitive Information, Improper Verification of Cryptographic Signature, Insecure Storage of Sensitive Information, Cleartext Transmission of Sensitive Information, Improper Access Control, Unrestricted Upload of File with Dangerous Type, Insufficient Session Expiration 2. RISK EVALUATION Successful exploitation of these vulnerabilitie...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Lumada Asset Performance Management (APM) Edge Vulnerabilities: Use After Free, Double Free, Type Confusion, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or disclosure of sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi products are affected: Lumada APM Edge: Versions 4.0 and prior Lumada APM Edge: Version 6.3 3.2 Vulnerability Overview 3.2.1 USE AFTER FREE CWE-416 The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the fr...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Low attack complexity Vendor: Fujitsu Software Equipment: Infrastructure Manager Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker retrieving the password for the proxy server that is configured in ISM from the maintenance data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Infrastructure Manager are affected: Infrastructure Manager: Advanced Edition V2.8.0.060 Infrastructure Manager: Advanced Edition for PRIMEFLEX V2.8.0.060 Infrastructure Manager: Essential Edition V2.8.0.060 3.2 Vulnerability Overview 3.2.1 Cleartext Storage of Sensitive Information CWE-312 An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and stora...

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Phoenix Contact Equipment: TC ROUTER and TC CLOUD CLIENT Vulnerabilities: Cross-site Scripting, XML Entity Expansion 2. RISK EVALUATION Successful exploitation of this these vulnerabilities could execute code in the context of the user's browser or cause a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Phoenix contact reports that the following products are affected: TC ROUTER 3002T-4G: versions prior to 2.07.2 TC ROUTER 3002T-4G ATT: versions prior to 2.07.2 TC ROUTER 3002T-4G VZW: versions prior to 2.07.2 TC CLOUD CLIENT 1002-4G: versions prior to 2.07.2 TC CLOUD CLIENT 1002-4G ATT: versions prior to 2.07.2 TC CLOUD CLIENT 1002-4G VZW: versions prior to 2.07.2 CLOUD CLIENT 1101T-TX/TX: versions prior to 2.06.10 3.2 Vulnerability Overview 3.2.1 Cross-site Scripting CWE-79 In PHOENIX CONTACT TC ROUTER and TC CLOUD CLIENT prior to version 2.07.2 as ...

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Socomec Equipment: MOD3GP-SY-120K Vulnerabilities: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Insecure Storage of Sensitive Information, Reliance on Cookies without Validation and Integrity Checking, Code Injection, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute malicious Javascript code, obtain sensitive information, or steal session cookies. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Socomec products are affected: MODULYS GP (MOD3GP-SY-120K): Web firmware v01.12.10 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into...

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dover Fueling Solutions Equipment: MAGLINK LX - Web Console Configuration Vulnerabilities: Authentication Bypass using an Alternate Path or Channel, Improper Access Control, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MAGLINK LX Web Console Configuration are affected: MAGLINK LX Web Console Configuration: version 2.5.1 MAGLINK LX Web Console Configuration: version 2.5.2 MAGLINK LX Web Console Configuration: version 2.5.3 MAGLINK LX Web Console Configuration: version 2.6.1 MAGLINK LX Web Console Configuration: version 2.11 MAGLINK LX Web Console Configuration: version 3.0 MAGLINK LX Web Console Configuration: version 3.2 MAGLINK LX Web Console Configuration: version 3.3 3.2 Vulnerability Overview 3.2.1 AUTHENTICATION BYPASS USING...

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Fujitsu Limited Equipment: Real-time Video Transmission Gear "IP series" Vulnerability: Use Of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker logging into the web interface using the obtained credentials. The attacker could initialize or reboot the products, terminating the video transmission. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Real-time Video Transmission Gear "IP series", a hosted web application, are affected: Real-time Video Transmission Gear "IP series" IP-HE950E: firmware versions V01L001 to V01L053 Real-time Video Transmission Gear "IP series" IP-HE950D: firmware versions V01L001 to V01L053 Real-time Video Transmission Gear "IP series" IP-HE900E: firmware versions V01L001 to V01L010 Real-time Video Transmission Gear "IP series" IP-HE900D: firmware versions V01L001 to V01L004 Real-time Video Transmission Ge...

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: GE Digital ​Equipment: CIMPLICITY ​Vulnerability: Process Control 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges to SYSTEM. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following GE products are affected:  ​GE Digital CIMPLICITY: v2023 3.2 VULNERABILITY OVERVIEW 3.2.1 ​PROCESS CONTROL CWE-114 ​GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. ​CVE-2023-4487 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND ​CRITICAL INFRASTRUCTURE SECTORS: Multiple Sectors ​COUNTRIES/AREAS DEPLOYED: Worldwide ​COMPANY HEADQUARTERS LO...