us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: QNAP Equipment: VioStor NVR Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution by exploiting NTP settings. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of QNAP VioStor NVR, are affected: VioStor NVR QVR firmware: All versions prior to 4.x 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 QNAP VioStor NVR versions prior to QVR Firmware 4.x are vulnerable to an OS command injection vulnerability that may allow an attacker to modify NTP settings in the device. This could result in remote code execution. CVE-2023-47565 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.0 has been calculated; the CVSS vector s...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving arbitrary code execution and privilege escalation through the unquoted service path. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of PowerSYSTEM Center, a multi-function management platform, are affected: PowerSYSTEM Center: 2020 v5.0.x through 5.16.x 3.2 Vulnerability Overview 3.2.1 UNQUOTED SEARCH PATH OR ELEMENT CWE-428 Subnet Solutions PowerSYSTEM Center versions 2020 v5.0.x through 5.16.x contain a vulnerability that could allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. CVE-2023-6631 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Open Design Alliance (ODA) Equipment: Drawing SDK Vulnerabilities: Use after Free, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to disclose sensitive information on affected installations of ODA Drawing SDK. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ODA Drawing SDK are affected: Drawing SDK: Versions prior to 2024.1 3.2 Vulnerability Overview 3.2.1 USE AFTER FREE CWE-416 Open Design Alliance's Drawing SDK prior to Version 2024.1 is vulnerable to a use after free attack. Exploitation of this vulnerability requires the target to visit a malicious page or open a malicious file. The specific vulnerability exists within the parsing of DWG files. Crafted data in a DWG file can trigger a use after free attack past the end of an allocated buffer. An attacker could leverage this vulnerability in conjunction wit...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: EFACEC Equipment: BCU 500 Vulnerabilities: Uncontrolled Resource Consumption, Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition on the affected product or compromise the web application through a cross-site request forgery (CSRF) vulnerability. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of EFACEC BCU 500, an automation and control IED, is affected: BCU 500: version 4.07 3.2 Vulnerability Overview 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400 Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. CVE-2023-50707 has been assigned to this vulnerability. A CVSS v3 base score of 9.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H). 3.2....

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: EuroTel Equipment: ETL3100 Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Authorization Bypass Through User-Controlled Key, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions EuroTel ETL3100 radio transmitter are affected: ETL3100: version v01c01 ETL3100: version v01x37 3.2 Vulnerability Overview 3.2.1 IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307 EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. CVE-2023-6928 has been assigned to this vuln...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: EFACEC Equipment: UC 500 Vulnerabilities: Cleartext Transmission of Sensitive Information, Open Redirect, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve sensitive information, gain unauthorized access to the product, or redirect users to malicious websites. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of EFACEC UC 500E, a HMI, is affected: UC 500E: version 10.1.0 3.2 Vulnerability Overview 3.2.1 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319 An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. CVE-2023-50703 has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been calculated; the CVSS vec...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Cambium Equipment: ePMP Force 300-25 Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution on the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Cambium ePMP Force 300-25 radio are affected: ePMP Force 300-25: version 4.7.0.1 3.2 Vulnerability Overview 3.2.1 IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94 Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. CVE-2023-6691 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Communications COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Missing Encryption of Sensitive Data, Cross-site Scripting, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Improper Input Validation, Out-of-bounds Write, Out-of-bounds Read, Infinite Loop, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Allocation of Resources Without Limits or ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerabilities: Improper Certificate Validation, Improper Input Validation, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Unexpected Status Code or Return Value, Missing Report of Error Condition, Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition, intercept credentials, or escalate privileges on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The foll...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINUMERIK MC, SINUMERIK ONE Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: SINUMERIK MC: All versions SINUMERIK ONE: All versions 3.2 Vulnerability Overview 3.2.1 USE AFTER FREE CWE-416 Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial-of-service condition. A restart is needed to...