Source

us-cert

Trane Thermostats

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low attack complexity Vendor: Trane Equipment: XL824, XL850, XL1050, and Pivot thermostats Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as root using a specially crafted filename. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Trane reports this vulnerability affects the following thermostats: Trane Technologies XL824 Thermostat: Firmware versions 5.9.8 and earlier Trane Technologies XL850 Thermostat: Firmware versions 5.9.8 and earlier Trane Technologies XL1050 Thermostat: Firmware versions 5.9.8 and earlier Trane Technologies Pivot Thermostat: Firmware versions 1.8 and earlier 3.2 VULNERABILITY OVERVIEW 3.2.1 INJECTION CWE-74 A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requ...

Schneider Electric PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Power Meters

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a disclosure of sensitive information, a denial of service, or modification of data if an attacker is able to intercept network traffic. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following components of Schneider Electric PowerLogic, a power meter, are affected: PowerLogic ION9000: All versions prior to 4.0.0 PowerLogic ION7400: All versions prior to 4.0.0 PowerLogic PM8000: All versions prior to 4.0.0 PowerLogic ION8650: All versions PowerLogic ION8800: All versions Legacy ION products: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319 A cleartext transmission of sensitive information vulner...

Walchem Intuition 9

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Walchem Equipment: Intuition 9 Vulnerabilities: Missing Authentication for Critical Function, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to download and export sensitive data or grant an attacker direct login to a device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Intuition 9, a water treatment controller, are affected: Intuition 9: versions prior to v4.21 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data. CVE-2023-38422 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/...

ICONICS and Mitsubishi Electric Products

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerabilities: Buffer Overflow, Out-of-Bounds Read, Observable Timing Discrepancy, Double Free, and NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in information disclosure, denial-of-service, or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ICONICS reports these vulnerabilities affect the following products using OpenSSL: ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: Version 10.97.2 3.2 VULNERABILITY OVERVIEW 3.2.1 CLASSIC BUFFER OVERFLOW CWE-120 A denial of service and potential crash vulnerability due to a buffer overrun condition exists in the OpenSSL library used in the ICONICS Suite. This vulnerability is in the X.509 certificate name constraint checking. CVE-2022-3602 has been assigned to this vulnerability. A CVSS v3 base s...

Rockwell Automation Armor PowerFlex

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Armor PowerFlex Vulnerability: Incorrect Calculation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send an influx of network commands, causing the product to generate an influx of event log traffic at a high rate, resulting in the stop of normal operation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: Armor PowerFlex: v1.003 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT CALCULATION CWE-682 A vulnerability was discovered in Armor PowerFlex when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset. The error code would ...

Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340 CPU, Modicon M580 CPU, Modicon Momentum Unity M1E Processor, Modicon MC80 Vulnerability: Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following components of Schneider Electric EcoStruxure and Modicon are affected: EcoStruxure Control Expert: All versions EcoStruxure Process Expert: Version V2020 & prior Modicon M340 CPU (part numbers BMXP34*): All versions Modicon M580 CPU (part numbers BMEP* and BMEH*): All versions Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S): All versions Modicon Momentum Unity M1E Processor (171CBU*): All versions Modicon MC80 (BMKC80): All versi...

Siemens Solid Edge, JT2Go, and Teamcenter Visualization

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge, JT2Go, and Teamcenter Visualization Vulnerabilities: Use After Free, Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: JT2Go: All versions prior to v14.2.0.5 Solid Edge SE2022: All versions prior to v222.0 Update 13 Solid Edge SE2023: All versions prior to v223.0 Update 4 Teamcenter Visualization V13.2: All versions prior to v13.2.0.15 Teamcenter Visualization V13.2: All versions prior to v13.2.0.14 Teamcenter Visualization V13.3: All versions prior to v13.3.0.11 Teamcenter Visualization V14.1: All versions prior to v14.1.0.11 Teamcenter Visualization V14.1: All versions prior to v14.1.0.10 Teamcenter Visualization V14.2: All versions prior ...

Siemens Parasolid Installer

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Parasolid Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to misuse the vulnerability and escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected if installed with Parasolid installer: Parasolid V35.0: All versions Parasolid V35.1: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 Nullsoft Scriptable Install System (NSIS) before v3.09 creates an "uninstall directory" with insufficient access control. This could allow an attacker to misuse the vulnerability and escalate privileges. CVE-2023-37378 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND ...

Siemens JT Open, JT Utilities, and Parasolid

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT Open, JT Utilities, and Parasolid Vulnerabilities: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: JT Open: All versions prior to v11.4 JT Utilities: All versions prior to v13.4 Parasolid v34.0: All versions prior to v34.0.253 Parasolid v34.1: All versions prior to v34.1.243 Parasolid v35.0: All versions prior to v35.0.177 Parasolid v35.1: All versions prior to v35.1.073 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. CVE-2023-30795 has bee...

Siemens Parasolid and Teamcenter Visualization

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Parasolid and Teamcenter Visualization Vulnerabilities: NULL Pointer Dereference, Out-of-bounds Read, Out-of-bounds Write, Allocation of Resources without Limits or Throttling 2. RISK EVALUATION An attacker could successfully exploit these vulnerabilities by tricking a user into opening a malicious file, allowing the attacker to cause a denial of service or perform remote code execution in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Parasolid V34.1: versions prior to V34.1.258 Parasolid V35.0: versions prior to V35.0.254 Parasolid V35.1: versions prior to V35.1.171 Parasolid V35.1: versions prior to V35.1.197 Parasolid V35.1: versions prior to V35.1.184 Teamcenter Visualization V14.1: all versions Teamcenter Visualization V14.2: versions prior to V14.2.0.6 Teamcenter Visualization V14.3: all versions 3....