us-cert

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Cross-site Scripting, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code via the 'options' element or obtain access to unauthorized resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SINEMA Remote Connect Server, a remote management platform, are affected: SINEMA Remote Connect Server: Versions prior to V3.2 SINEMA Remote Connect Server: Versions prior to V3.1 3.2 Vulnerability...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Low attack complexity Vendor: Softing Equipment: edgeConnector Vulnerabilities: Cleartext Transmission of Sensitive Information, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create conditions that may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Softing edgeConnector are affected: Softing edgeConnector: Version 3.60 Softing edgeAggregator: Version 3.60 3.2 Vulnerability Overview 3.2.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22 The affected product is vulnerable to an absolute path traversal vulnerability, which may allow an attacker with admin privileges to write to a file or overwrite a file in the filesystem. CVE-2023-38126 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 3.2.2 CLEARTEXT...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Siveillance Control Vulnerability: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to gain write privileges for objects where they only have read privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Siveillance Control: Versions V2.8 and after until V3.1.1 3.2 Vulnerability Overview 3.2.1 INCORRECT AUTHORIZATION CWE-863 The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locall...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Design Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability may allow for arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric - EcoStruxure Power Design - Ecodial, an equipment management platform, are affected: EcoStruxure Power Design - Ecodial NL: All Versions EcoStruxure Power Design - Ecodial INT: All Versions EcoStruxure Power Design - Ecodial FR: All Versions 3.2 Vulnerability Overview 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 All versions of Schneider Electric EcoStruxure Power Design - Ecodial NL, INT, and FR deserializes untrusted data which could allow an attacker to perform code execution when a malicious project file is loaded into the application by a valid user. CVE-2024-2229 has been assigned to this vulnerability...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Chirp Systems Equipment: Chirp Access Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control and gain unrestricted physical access to systems using the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Chirp Systems are affected: Chirp Access: All Versions 3.2 Vulnerability Overview 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access. CVE-2024-2197 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities Sector COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Nice Equipment: Linear eMerge E3-Series Vulnerabilities: Path traversal, Cross-site scripting, OS command injection, Unrestricted Upload of File with Dangerous Type, Incorrect Authorization, Exposure of Sensitive Information to an Authorized Actor, Insufficiently Protected Credentials, Use of Hard-coded Credentials, Cross-site Request Forgery, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to gain full system access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Nice Linear eMerge E3-Series are affected: Linear eMerge E3-Series: versions 1.00-06 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL') CWE-22 Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to path traversal....

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta Electronics products are affected: CNCSoft-B: Versions 1.0.0.4 and prior 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. CVE-2024-1941 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Taiwan 3.4 RESEARCHER Natnael Samson (@NattiS...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series Vulnerability: Insufficient Resource Pool 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a temporary denial-of-service (DoS) condition for a certain period of time in the product's Ethernet communication by performing a TCP SYN Flood attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric MELSEC iQ-F Series, a compact control platform, are affected: Products with * are sold in limited regions. MELSEC iQ-F FX5U-32MT/ES: All Versions MELSEC iQ-F FX5U-32MT/DS: All Versions MELSEC iQ-F FX5U-32MT/ESS: All Versions MELSEC iQ-F FX5U-32MT/DSS: All Versions MELSEC iQ-F FX5U-32MR/ES: All Versions MELSEC iQ-F FX5U-32MR/DS: All Versions MELSEC iQ-F FX5U-64MT/ES: All Versions MELSEC iQ-F FX5U-64MT/ESS: All Versions MELSEC iQ-F FX5U-64MT/D...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B DOPSoft Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta Electronics products are affected: CNCSoft-B v1.0.0.4 DOPSoft: versions prior to v4.0.0.82 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 The affected product insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed. CVE-2024-1595 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Taiwan 3.4 RESEARCHER Delta Electronics reported ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: CISA Equipment: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following GitHub commits (versions) of ICSNPP - Ethercat Plugin, a plugin for Zeek, are affected: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin: versions d78dda6 and prior 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution. CVE-2023-7244 has been assign...