us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Voltronic Power Equipment: ViewPower Pro Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function, Exposed Dangerous Method or Function, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition, obtain administrator credentials, or achieve remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ViewPower Pro, an Uninterruptable Power Supply (UPS) management software, are affected: ViewPower Pro: 2.0-22165 3.2 Vulnerability Overview 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 The affected product deserializes untrusted data without sufficiently verifying the resulting data will be valid. CVE-2023-51570 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector stri...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable via adjacent network / low attack complexity Vendor: APsystems Equipment: Energy communication Unit (ECU-C) Power Control Software Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive data and execute specific commands and functions with full admin rights without authenticating. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following APsystems products are affected: Energy Communication Unit Power Control Software: C1.2.2 Energy Communication Unit Power Control Software: v3.11.4 Energy Communication Unit Power Control Software: W2.1.NA Energy Communication Unit Power Control Software: v4.1SAA Energy Communication Unit Power Control Software: v4.1NA 3.2 Vulnerability Overview 3.2.1 IMPROPER ACCESS CONTROL CWE-284 APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows a...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: Lynx 206-F2G Vulnerabilities: Cross-site Scripting, Code Injection, Cross-Origin Resource Sharing, Cleartext Transmission of Sensitive Information, Cross-Site Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access the web application, inject arbitrary code, execute malicious code, obtain sensitive information, or execute a malicious request. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Lynx 206-F2G, a layer three industrial Ethernet switch, are affected: Lynx: Model Version L206-F2G1 Lynx: Firmware Version 4.24. 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site sc...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low attack complexity Vendor: Lantronix Equipment: XPort Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of XPort, a device server configuration manager, are affected: XPort Device Server Configuration Manager: Version 2.0.0.13 3.2 Vulnerability Overview 3.2.1 Weak Encoding for Password CWE-261 Lantronix XPort sends weakly encoded credentials within web request headers. CVE-2023-7237 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy, Healthcare, Transportation COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: United States 3.4 RESEARCHER Aarón Flecha Menéndez of S2...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low attack complexity Vendor: Crestron Equipment: AM-300 Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their privileges to root-level access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Crestron AirMedia Presentation System products are affected: AM-300: Version 1.4499.00018 3.2 Vulnerability Overview 3.2.1 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access. CVE-2023-6926 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.4 has been calculated; the CVSS vector string is AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Multiple COUNT...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Server Vulnerabilities: Improper Check or Handling of Exceptional Conditions, Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to crash the product being accessed or throttle the memory leading to a partial denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AVEVA PI Server, are affected: PI Server: 2023 PI Server: 2018 SP3 P05 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER CHECK OR HANDLING OF EXCEPTIONAL CONDITIONS CWE-703 AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition. CVE-2023-34348 has been assigned to this vulnerability. A CVSS v3 base sco...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: SEW-EURODRIVE Equipment: MOVITOOLS MotionStudio Vulnerability: Improper Restriction of XML EXTERNAL Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in open access to file information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MOVITOOLS MotionStudio are affected: MOVITOOLS MotionStudio: Version 6.5.0.2 3.2 Vulnerability Overview 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 When the affected product processes XML information unrestricted file access can occur. CVE-2023-6926 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Multiple COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Germany 3.4 RESEARCHER Esjay (@esj4y) working with Trend Micr...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Integration Objects Equipment: OPC UA Server Toolkit Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to add content to the log file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of OPC UA Server Toolkit, OPC library designed to allow creation of OPC DA, DX and HDA servers software, are affected: OPC UA Server Toolkit: All versions 3.2 Vulnerability Overview 3.2.1 Improper Output Neutralization for Logs CWE-117 OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field. CVE-2023-7234 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CN 4100 Vulnerabilities: Authorization Bypass Through User-Controlled Key, Improper Input Validation, Use of Default Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely login as root or cause denial of service condition of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SIMATIC CN 4100: Versions prior to V2.7 3.2 Vulnerability Overview 3.2.1 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639 The "intermediate installation"...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Horner Automation Equipment: Cscape Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Horner Automation products are affected: Cscape: Versions 9.90 SP10 and prior 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape. CVE-2023-7206 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COM...