Source
us-cert
1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Exploitable with adjacent access/low attack complexity
Vendor: ETIC Telecom
Equipment: Remote Access Server (RAS)
Vulnerability: Insecure Default Initialization of Resource
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to reconfigure the device or cause a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of ETIC Telecom RAS are affected:
ETIC Telecom RAS: All versions 4.7.0 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 INSECURE DEFAULT INITIALIZATION OF RESOURCE CWE-1188
ETIC Telecom RAS versions 4.7.0 and prior have web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition. CVE-2023-3453 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N...

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: PTC
Equipment: KEPServerEX
Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in the affected device crashing.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of KEPServerEX, an industrial automation data concentrator and device manager, are affected:
KEPServerEX: Versions 6.0 to 6.14.263
3.2 VULNERABILITY OVERVIEW
3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400
PTC's KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attacker could send a maliciously created message that the decoder would try to decode u...

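The decoding problem described above, as an added worked example that is not KEPServerEX or OPC UA code: a toy nested-array encoding (constructed for this example, not the OPC UA binary encoding) decoded once with no limits and once with a nesting cap plus an element-count sanity check. The tag values and MAX_DEPTH are assumptions of the example; the point is that a recursively defined type needs a bound that the message itself cannot control.

```python
"""Bounded versus unbounded decoding of a self-nesting message type.

Toy wire format (constructed for this example, not OPC UA binary encoding):
    0x01 <int32 little-endian>                   scalar value
    0x02 <uint32 little-endian count> <items...>  array of `count` encoded values
An array may contain arrays, so the type is recursively defined, which is the
property the advisory says the real decoder did not bound.
"""
import struct

SCALAR, ARRAY = 0x01, 0x02
MAX_DEPTH = 32  # assumed policy value; the right limit depends on the application


class DecodeError(ValueError):
    """Raised by the bounded decoder when a message violates a limit."""


def encode(value):
    """Encode an int or an arbitrarily nested list in the toy format."""
    if isinstance(value, int):
        return bytes([SCALAR]) + struct.pack("<i", value)
    body = b"".join(encode(v) for v in value)
    return bytes([ARRAY]) + struct.pack("<I", len(value)) + body


def craft_deep_message(depth):
    """Attacker-style input: `depth` one-element arrays wrapped around a scalar.
    Five bytes per level, so a few kilobytes force thousands of nested calls."""
    return (bytes([ARRAY]) + struct.pack("<I", 1)) * depth + encode(7)


def craft_bogus_count():
    """Attacker-style input: an array header claiming 2**32-1 elements."""
    return bytes([ARRAY]) + struct.pack("<I", 0xFFFFFFFF) + encode(1)


def decode_unbounded(buf, pos=0):
    """Decoder with no limits: nesting depth is bounded only by the stack."""
    tag = buf[pos]
    pos += 1
    if tag == SCALAR:
        (value,) = struct.unpack_from("<i", buf, pos)
        return value, pos + 4
    if tag == ARRAY:
        (count,) = struct.unpack_from("<I", buf, pos)
        pos += 4
        items = []
        for _ in range(count):  # trusts `count` completely
            item, pos = decode_unbounded(buf, pos)
            items.append(item)
        return items, pos
    raise DecodeError(f"unknown tag {tag:#04x}")


def decode_bounded(buf, pos=0, depth=0):
    """Same grammar, but depth and element count are checked before any work."""
    if depth > MAX_DEPTH:
        raise DecodeError(f"nesting deeper than {MAX_DEPTH}")
    if pos >= len(buf):
        raise DecodeError("truncated message")
    tag = buf[pos]
    pos += 1
    if tag == SCALAR:
        if pos + 4 > len(buf):
            raise DecodeError("truncated scalar")
        (value,) = struct.unpack_from("<i", buf, pos)
        return value, pos + 4
    if tag == ARRAY:
        if pos + 4 > len(buf):
            raise DecodeError("truncated array header")
        (count,) = struct.unpack_from("<I", buf, pos)
        pos += 4
        # Every element occupies at least one byte, so a count larger than the
        # remaining payload is bogus. Reject it before allocating or looping.
        remaining = len(buf) - pos
        if count > remaining:
            raise DecodeError(f"array count {count} exceeds remaining {remaining} bytes")
        items = []
        for _ in range(count):
            item, pos = decode_bounded(buf, pos, depth + 1)
            items.append(item)
        return items, pos
    raise DecodeError(f"unknown tag {tag:#04x}")


def decode_message(decoder, buf):
    """Run `decoder` over a whole message and classify what happened."""
    try:
        value, end = decoder(buf)
    except RecursionError:
        return "stack-exhausted", None
    except DecodeError as exc:
        return f"rejected: {exc}", None
    if end != len(buf):
        return "rejected: trailing bytes", None
    return "ok", value


if __name__ == "__main__":
    print("bounded, legit:  ", decode_message(decode_bounded, encode([1, [2, 3], -4])))
    print("unbounded, deep: ", decode_message(decode_unbounded, craft_deep_message(5000)))
    print("bounded, deep:   ", decode_message(decode_bounded, craft_deep_message(5000)))
    print("bounded, count:  ", decode_message(decode_bounded, craft_bogus_count()))
```

The unbounded decoder survives a legitimate message but dies with a stack exhaustion on a 25 KB message of nested one-element arrays; the bounded one rejects the same input at level 33 with a clean error, and refuses an inflated element count before it allocates anything. In a native decoder the equivalent failure is a stack overflow or an out-of-memory abort rather than a Python exception, which is the crash the advisory describes.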
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: CNC Series devices
Vulnerability: Classic Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending specially crafted packets. System reset is required for recovery.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Mitsubishi Electric CNC series products are affected:
M8V Series
M800VW (BND-2051W000-**): All versions
M800VS (BND-2052W000-**): All versions
M80V (BND-2053W000-**): All versions
M80VW (BND-2054W000-**): All versions
M8 Series
M800W (BND-2005W000-**): All versions
M800S (BND-2006W000-**): All versions
M80 (BND-2007W000-**): All versions
M80W (BND-2008W000-**): All versions
E80 (BND-2009W000-**): All versions
C80 Series
C80 (BND-2036W000-**): All versions
M7V Series
M700VW (BND-1012W000-...

1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Exploitable from adjacent network
Vendor: Axis Communications
Equipment: AXIS A1001
Vulnerability: Heap-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of AXIS A1001, a network door controller, are affected:
AXIS A1001: 1.65.4 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122
A heap-based buffer overflow vulnerability exists in the AXIS A1001 versions 1.65.4 and prior. When communicating over the Open Supervised Device Protocol (OSDP), the pacsiod process that handles the OSDP communication allows for writing outside of the allocated buffer. By appending invalid data to an OSDP message, it is possible to write data beyond the heap-allocated buffer. The data written outside the buffer could allow an attacker to execute arbitrary code. CVE-2023-21406 has been assig...

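The receive-side check that the bug class above calls for, as an added example that is not Axis's pacsiod code and does not reproduce the actual defect (the advisory only says that appended data reaches past the buffer). The frame layout and CRC parameters below are this example's assumptions about OSDP (SOM 0x53, little-endian length covering the whole frame, CTRL bit 2 selecting a CRC-16 trailer, CRC-16 with polynomial 0x1021 and initial value 0x1D0F) and should be checked against the SIA OSDP specification; the receive-buffer size is invented. Python cannot overrun a heap buffer, so the example shows the validation a native parser must perform before it copies a frame: the declared length must fit the buffer, and it must equal what actually arrived.

```python
"""Validating an OSDP-shaped frame before any length-driven copy.

Assumed frame layout (check against the SIA OSDP specification):
    [0] SOM 0x53   [1] address   [2..3] LEN, little-endian, whole frame incl. trailer
    [4] CTRL (bit 2 set = CRC-16 trailer)   [5..] command/reply byte + data   [-2..] CRC-16
"""
import struct

SOM = 0x53
HEADER_LEN = 5
CRC_LEN = 2
CTRL_CRC = 0x04
RX_BUFFER_SIZE = 1440  # assumed size of the fixed receive buffer a native daemon would allocate


class FrameError(ValueError):
    """Raised when a frame fails a structural or integrity check."""


def crc16(data):
    """CRC-16, polynomial 0x1021, init 0x1D0F, no reflection (assumed OSDP parameters)."""
    crc = 0x1D0F
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_frame(address, payload, sequence=0):
    """Build a well-formed CRC-mode frame around `payload` (command byte plus data)."""
    length = HEADER_LEN + len(payload) + CRC_LEN
    header = bytes([SOM, address]) + struct.pack("<H", length) + bytes([CTRL_CRC | (sequence & 0x03)])
    body = header + payload
    return body + struct.pack("<H", crc16(body))


def parse_frame(buf):
    """Parse `buf` as exactly one frame, refusing anything that would make a
    length-trusting receiver read or write past its allocated buffer."""
    if len(buf) < HEADER_LEN + CRC_LEN:
        raise FrameError("shorter than header plus trailer")
    if buf[0] != SOM:
        raise FrameError("missing start of message")
    (declared,) = struct.unpack_from("<H", buf, 2)
    # `declared` is the value a naive receiver hands to memcpy. It must fit the
    # buffer, and it must match what arrived on the wire in both directions:
    # bytes appended beyond it are exactly the "invalid data" a trusting parser
    # would copy along with the frame.
    if declared > RX_BUFFER_SIZE:
        raise FrameError(f"declared length {declared} exceeds receive buffer {RX_BUFFER_SIZE}")
    if declared < HEADER_LEN + CRC_LEN:
        raise FrameError(f"declared length {declared} too small for a frame")
    if declared > len(buf):
        raise FrameError(f"declared length {declared} but only {len(buf)} bytes received")
    if declared < len(buf):
        raise FrameError(f"{len(buf) - declared} bytes appended beyond declared length")
    ctrl = buf[4]
    if not ctrl & CTRL_CRC:
        raise FrameError("checksum mode not handled by this example")
    (wire_crc,) = struct.unpack_from("<H", buf, declared - CRC_LEN)
    if wire_crc != crc16(buf[:declared - CRC_LEN]):
        raise FrameError("CRC mismatch")
    return {"address": buf[1], "sequence": ctrl & 0x03,
            "payload": bytes(buf[HEADER_LEN:declared - CRC_LEN])}


def classify(buf):
    """Verdict string for one candidate frame, convenient for logging or tests."""
    try:
        parse_frame(buf)
        return "ok"
    except FrameError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    poll = build_frame(0x00, b"\x60")  # constructed frame; 0x60 is the OSDP POLL command code
    print(classify(poll))
    print(classify(poll + b"\xff\xff\xff"))  # junk appended after a valid frame
    inflated = bytearray(poll)
    struct.pack_into("<H", inflated, 2, 4000)  # LEN field pointing past the receive buffer
    print(classify(bytes(inflated)))
```

The order of the checks matters in native code: the declared length is compared against the buffer size and the bytes actually received before it is used to locate the CRC, so a hostile LEN can never drive an index or a copy length. The CRC check comes last because it only proves integrity of whatever the length says the frame is; it does not protect against a length the attacker chose.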
1. EXECUTIVE SUMMARY
CVSS v3 8.3
ATTENTION: Low attack complexity
Vendor: Johnson Controls Inc.
Equipment: IQ Wifi 6
Vulnerability: Improper Restriction of Excessive Authentication Attempts
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthorized user to gain account access by conducting a brute force authentication attack.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Johnson Controls products are affected:
IQ Wifi 6: All firmware versions prior to 2.0.2
3.2 VULNERABILITY OVERVIEW
3.2.1 Improper Restriction of Excessive Authentication Attempts CWE-307
In firmware versions prior to v2.0.2 of Johnson Controls IQ Wifi 6, an unauthorized user could gain account access by conducting a brute force authentication attack. CVE-2023-3548 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L).
3.3 BACKGROUND
Critical Infrastructure Sectors: Critical Ma...

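The control that CWE-307 says is missing, as an added example that is not Johnson Controls firmware: a login gate that counts failures per account and applies an escalating lockout. The thresholds are assumed policy values, the account and password are constructed for the demo, and the clock is passed in as a parameter so the lockout timing can be exercised without sleeping.

```python
"""Per-account failure counting with escalating lockout (a CWE-307 control)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_FAILURES = 5         # failures tolerated before the account locks (assumed policy)
BASE_LOCKOUT = 30.0      # seconds; doubles for each consecutive lockout
MAX_LOCKOUT = 3600.0
PBKDF2_ROUNDS = 100_000  # raise for production; kept moderate so the demo runs quickly


def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest) with a fresh random salt per account."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Used when the account does not exist, so unknown and known names cost the same time.
_DUMMY_SALT, _DUMMY_DIGEST = hash_password("placeholder", b"\x00" * 16)


@dataclass
class _Counter:
    failures: int = 0
    locked_until: float = 0.0
    lockouts: int = 0


class AuthGate:
    def __init__(self, users):
        self._users = users      # name -> (salt, digest)
        self._counters = {}      # name -> _Counter

    def attempt(self, name, password, now):
        """Return "ok", "bad-password" or "locked" for one login attempt at time `now`."""
        counter = self._counters.setdefault(name, _Counter())
        if now < counter.locked_until:
            return "locked"      # refused before the password is even examined
        salt, digest = self._users.get(name, (_DUMMY_SALT, _DUMMY_DIGEST))
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if name in self._users and hmac.compare_digest(candidate, digest):
            self._counters.pop(name, None)   # a genuine login clears the failure history
            return "ok"
        counter.failures += 1
        if counter.failures >= MAX_FAILURES:
            counter.lockouts += 1
            counter.failures = 0
            backoff = BASE_LOCKOUT * 2 ** (counter.lockouts - 1)
            counter.locked_until = now + min(backoff, MAX_LOCKOUT)
            return "locked"
        return "bad-password"


def make_demo_gate():
    """Gate with one constructed account: admin / "correct horse battery"."""
    return AuthGate({"admin": hash_password("correct horse battery")})


if __name__ == "__main__":
    gate = make_demo_gate()
    for i in range(6):
        print(f"t={i:<3} wrong password ->", gate.attempt("admin", "wrong", float(i)))
    print("t=5   right password ->", gate.attempt("admin", "correct horse battery", 5.0))
    print("t=40  right password ->", gate.attempt("admin", "correct horse battery", 40.0))
```

Two caveats a practitioner should keep in mind. First, a hard per-account lockout is itself a denial-of-service lever: anyone who knows a username can keep that account locked, so on internet-facing devices it is usually paired with per-source rate limiting or a progressive delay rather than a long outright lock. Second, the gate above only works if every authentication path (web UI, API, mobile app backend) goes through it; a second path that checks credentials directly is a brute-force target exactly like the unthrottled one.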
1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: ThinManager ThinServer
Vulnerability: Relative Path Traversal
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote actor to leverage the privileges of the server's file system and read arbitrary files stored in it.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Rockwell Automation reports this vulnerability affects the following versions of ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software:
ThinManager ThinServer: versions 13.0.0—13.0.2 and 13.1.0
3.2 VULNERABILITY OVERVIEW
3.2.1 Relative Path Traversal CWE-23
An executable used in the affected products can be configured to enable an API feature in the HTTPS server settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that could allow a remote actor to levera...

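The check an API file handler needs in order not to have the problem described above, as an added example that is not ThinManager code: the requested path is joined onto the configured root, fully resolved, and only served if the resolved path is still beneath the root. The root directory name is invented for the demo. The example goes slightly beyond plain `../` sequences and also covers percent-encoded separators, backslashes (the affected product runs on Windows, where both separators count) and NUL bytes.

```python
"""Confining file requests from an API to a configured document root."""
from pathlib import Path
from urllib.parse import unquote


class TraversalError(PermissionError):
    """The requested path would resolve outside the configured root."""


def safe_join(root, requested):
    """Resolve `requested` (as sent by a client) beneath `root`, or raise.

    The comparison is made on the fully resolved absolute path, so "..",
    absolute paths, percent-encoded separators and, on a real filesystem,
    symlinks pointing outside the root are all caught by the same test.
    """
    root = Path(root).resolve()
    decoded = unquote(requested)            # decode exactly once; decoding twice re-opens the hole
    if "\x00" in decoded:
        raise TraversalError("NUL byte in requested path")
    decoded = decoded.replace("\\", "/")    # Windows hosts treat both characters as separators
    target = (root / decoded).resolve()     # an absolute `decoded` replaces `root` here...
    if target != root and root not in target.parents:
        raise TraversalError(f"{requested!r} resolves to {target}, outside {root}")  # ...and is refused here
    return target


def classify(root, requested):
    """Verdict string for one request: "ok:<resolved path>" or "rejected"."""
    try:
        return f"ok:{safe_join(root, requested)}"
    except TraversalError:
        return "rejected"


if __name__ == "__main__":
    ROOT = "/srv/thinserver/api-root"   # assumed document root for the demo
    for req in ["reports/q1.csv", "reports/../q1.csv", "../../etc/passwd",
                "..%2F..%2Fetc%2Fpasswd", "..\\..\\etc\\passwd", "/etc/passwd", "reports/%00.csv"]:
        print(f"{req:26} -> {classify(ROOT, req)}")
```

Checking the resolved path rather than scanning the input for `..` is what makes the control robust: every encoding trick has to end up as a real filesystem path eventually, and that is the only representation worth comparing. Resolving also follows symlinks, which means a link inside the root that points outside it is refused; if the deployment relies on such links, that is a deliberate exception to add, not a reason to weaken the check.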
1. EXECUTIVE SUMMARY
CVSS v3 9.4
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Emerson
Equipment: ROC800-Series RTU; including ROC800, ROC800L, and DL8000 Preset Controllers
Vulnerability: Authentication Bypass
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or gain unauthorized access to data or control of the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products are affected:
ROC809 & ROC827: All firmware versions, all hardware series
ROC809L & ROC827L: All firmware versions
DL8000: All firmware versions, all hardware series
The Series 1 ROC800 and DL8000 became obsolete in 2008 when the Series 2 was introduced.
3.2 VULNERABILITY OVERVIEW
3.2.1 Authentication Bypass By Primary Weakness CWE-305
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial...

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Vulnerabilities: Improper Check for Unusual or Exceptional Conditions
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to components, execute arbitrary code, or cause a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
EcoStruxure Control Expert: All versions prior to V15.3
EcoStruxure Process Expert: Version V2020 and prior
Modicon M340 CPU (part numbers BMXP34*): All versions prior to SV3.51
Modicon M580 CPU (part numbers BMEP* and BMEH*): All versions prior to SV4.10
Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S): All versions
Modicon Momentum Unity M1E Processor (171CBU*): All versions prior to SV2.6
Modicon MC80 (BMKC80): All versions
Legacy Modicon Quantum (140CPU65*) and...

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: GeoVision
Equipment: GV-ADR2701
Vulnerability: Improper Authentication
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to log in to the camera's web application.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
GeoVision reports this vulnerability affects the following GV-ADR2701 cameras:
GV-ADR2701: Version V1.00_2017_12_15
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER AUTHENTICATION CWE-287
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. CVE-2023-3638 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Taiwan
3.4 RESEAR...

1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: WellinTech
Equipment: KingHistorian
Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Signed to Unsigned Conversion Error
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or send malicious data which can lead to a buffer overflow.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of WellinTech KingHistorian, a time-series database, are affected:
KingHistorian: version 35.01.00.05
3.2 VULNERABILITY OVERVIEW
3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200
An information disclosure vulnerability exists in the user authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this v...