us-cert

1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: Siemens ​Equipment: SIMATIC, SIPLUS ​Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to recover the product’s connection secret. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected:  ​SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00): versions prior to V2.2 ​SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00): versions prior to V2.2 ​SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): versions V3.0.1 to V3.0.3 ​SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): versions prior to V2.9.7 ​SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): versions V3.0.1 to V3.0.3 ​SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): versions prior to V2.9.7 ​SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0): versions prior to V3.2.19 ​SIMATIC ET 200pro IM154-8F PN/DP CPU (...

1. EXECUTIVE SUMMARY CVSS v3 9.1  ATTENTION: Exploitable remotely / low attack complexity   Vendor: Siemens   Equipment: RUGGEDCOM  Vulnerability: Incorrect Provision of Specified Functionality  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject information into the network via the mirror port. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: RUGGEDCOM i800: All versions prior to V4.3.8 RUGGEDCOM i800NC: All versions prior to V4.3.8 RUGGEDCOM i801: All versions prior to V4.3.8 RUGGEDCOM i801NC: All versions prior to V4.3.8 RUGGEDCOM i802: All versions prior to V4.3.8 RUGGEDCOM i802NC: All versions prior to V4.3.8 RUGGEDCOM i803: All versions prior to V4.3.8 RUGGEDCOM i803NC: All versions prior to V4.3.8 RUGGEDCOM M2100: All versions prior to V4.3.8 RUGGEDCOM M2100F: All versions RUGGEDCOM M2100NC: All versions prior to V4.3.8 RUGGEDCOM M2200: All versions prior to V4.3.8 RUGGEDCOM M2200F: All ve...

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Siemens ​Equipment: Software Center ​Vulnerabilities: Uncontrolled Search Path Element, Path Traversal 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow a local attacker to execute code with elevated privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected:  ​Siemens Software Center: All versions prior to v3.0 3.2 VULNERABILITY OVERVIEW 3.2.1 ​UNCONTROLLED SEARCH PATH ELEMENT CWE-427 ​A DLL hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. ​CVE-2021-41544 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.2 ​IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') ...

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Siemens ​Equipment: RUGGEDCOM CROSSBOW ​Vulnerabilities: Out-of-bounds Read, Improper Privilege Management, SQL Injection, Missing Authentication for Critical Function 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary database queries via SQL injection attacks, create a denial-of-service condition, or write arbitrary files to the application's file system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Siemens reports that the following server application is affected:  ​RUGGEDCOM CROSSBOW: Versions prior to V5.4 3.2 VULNERABILITY OVERVIEW 3.2.1 ​OUT-OF-BOUNDS READ CWE-125 ​An issue found in SQLite3 v.3.35.4 that could allow a remote attacker to cause a denial of service via the appendvfs.c function. ​CVE-2021-31239 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is...

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Siemens ​Equipment: RUGGEDCOM ​Vulnerability: Allocation of Resources without Limits or Throttling 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an unauthorized attacker to cause total loss of availability in the affected devices’ web server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: ​RUGGEDCOM i800: All versions prior to V4.3.8 ​RUGGEDCOM i800NC: All versions prior to V4.3.8 ​RUGGEDCOM i801: All versions prior to V4.3.8 ​RUGGEDCOM i801NC: All versions prior to V4.3.8 ​RUGGEDCOM i802: All versions prior to V4.3.8 ​RUGGEDCOM i802NC: All versions prior to V4.3.8 ​RUGGEDCOM i803: All versions prior to V4.3.8 ​RUGGEDCOM i803NC: All versions prior to V4.3.8 ​RUGGEDCOM M2100: All versions prior to V4.3.8 ​RUGGEDCOM M2100F: All versions ​RUGGEDCOM M2100NC: All versions prior to V4.3.8 ​RUGGEDCOM M2200: All versions...

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Siemens ​Equipment: Solid Edge ​Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to crash the application or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected:  ​Solid Edge SE2023: All versions prior to V223.0 Update 7 3.2 VULNERABILITY OVERVIEW 3.2.1 ​OUT-OF-BOUNDS WRITE CWE-787 ​The affected application contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. ​CVE-2023-39181 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.2 ​OUT-OF-BOUNDS READ CWE-125 ​The affected applications contain an...

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: low attack complexity ​Vendor: Schneider Electric ​Equipment: IGSS (Interactive Graphical SCADA System) ​Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION ​Successful exploitation of this vulnerability may allow arbitrary code execution or loss of control of the SCADA system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Schneider Electric reports this vulnerability affects the following IGSS (Interactive Graphical SCADA System) products:   ​IGSS Dashboard (DashBoard.exe): v16.0.0.23130 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 ​A deserialization of untrusted data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to arbitrary code execution when an attacker gets the user to open a malicious file. ​CVE-2023-3001 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CV...

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Hitachi Energy ​Equipment: RTU500 series ​Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could cause a buffer overflow and reboot of the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Hitachi Energy reports these vulnerabilities affect the following RTU500 series products: ​RTU500 series CMU: Firmware versions 13.3.1–13.3.2 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 ​A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited if the HCI 60870-5-104 is configured with IEC 62351-5 support and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted messa...

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Mitsubishi Electric ​Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 ​Vulnerability: Weak Encoding for Password 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following Mitsubishi Electric products are affected when either of the following cases apply:  ​The case of transferring data with GT Designer3 Version1(GOT2000) listed below and GOT2000 Series or GOT SIMPLE Series listed below with the Data Transfer Security function enabled.  ​The case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 listed below and GOT2000 series listed below with the Data Transfer Security function enabled.  ​GT Designer3 Version1 (GOT2000): v1.295...

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: TEL-STER Sp. z o. o. Equipment: TelWin SCADA WebInterface Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS TEL-STER reports this vulnerability affects the following versions of TelWin SCADA WebInterface: TelWin SCADA WebInterface: versions 3.2 to 6.1 TelWin SCADA WebInterface: versions 7.0 to 7.1 TelWin SCADA WebInterface: versions 8.0 and 9.0 3.2 VULNERABILITY OVERVIEW 3.2.1 PATH TRAVERSAL CWE-35 External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system. CVE-2023-0956 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been ...