Source

us-cert

BirdDog Cameras and Encoders

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: BirdDog Equipment: STUDIO R3, 4K QUAD, MINI, A300 EYES Vulnerabilities: Cross-Site Request Forgery, Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely execute code or obtain unauthorized access to the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following BirdDog camera and encoder versions are affected: 4K QUAD:  Versions 4.5.181 and 4.5.196 MINI: Version 2.6.2 A300 EYES: Version 3.4 STUDIO R3: Version 3.6.4 3.2 VULNERABILITY OVERVIEW 3.2.1 CROSS-SITE REQUEST FORGERY (CSRF) CWE-352 The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files. CVE-2023-2505 has been assigned to this vulnerability. A CVSS v3 base score of 7.7 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N). 3.2.2 USE OF HARD-CODED CREDENTIALS...

Hitachi Energy MSM

1. EXECUTIVE SUMMARY CVSS v3 9.8  ATTENTION: Exploitable remotely/low attack complexity  Vendor: Hitachi Energy  Equipment: Modular Switchgear Monitoring (MSM)  Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Authentication Bypass by Capture-replay, Code Injection, Improper Restriction of Operations within the Bounds of a Memory Buffer, NULL Pointer Dereference, Insufficient Entropy  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain user access credentials of the MSM web interface or cause a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi Energy products are affected:  MSM: 2.2.5 and earlier  3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307  The code that performs password matching when using 'basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. An unauthenticated network att...

Mitsubishi Electric Factory Automation Products

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity  Vendor: Mitsubishi Electric  Equipment: Factory Automation (FA) Products  Vulnerabilities: Dependency on Vulnerable Third-Party Component  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a malicious attacker to escalate privileges, disclose parameter information in the affected products, and cause a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Mitsubishi Electric Factory Automation products are affected:  MELIPC Series  MI5122-VM: All versions  MI1002-W: All versions  MI2012-W: All versions  MI3321G-W: All versions  MI3315G-W: All versions  MELSEC iQ-R Series  R102WCPU-W: All versions  MELSEC Q Series  Q24DHCCPU-V: All versions  Q24DHCCPU-VG: All versions  Q24DHCCPU-LS: All versions   Q26DHCCPU-LS: All versions  3.2 VULNERABILITY OVERVIEW 3.2.1 DEPENDENCY ON VULNERABLE THIRD-PARTY COMPONENT CWE-1395  These vulnerabilities in Intel products ...

Keysight N8844A Data Analytics Web Service

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Keysight  Equipment: N8844A Data Analytics Web Service  Vulnerability: Deserialization of Untrusted Data  2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Keysight reports this vulnerability affects the following data analytics web service software:   N8844A Data Analytics Web Service: Version 2.1.7351 and prior  3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502  Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.  CVE-2023-1967 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).  3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Communications, Government  COUNTRIES/AREAS DEPLOYED: Worldwi...

Scada-LTS Third Party Component

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available  Vendor: Scada-LTS  Equipment: Scada-LTS  Vulnerability: Cross-site Scripting  2. RISK EVALUATION Successful exploitation of this vulnerability could allow loss of sensitive information and execution of arbitrary code.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Scada-LTS, an open-source HMI, are affected:  Scada-LTS Versions 2.7.4 and prior  3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79  Scada-LTS versions 2.7.4 and prior are vulnerable to cross-site scripting. This could allow a remote attacker to craft malicious URLs that may execute arbitrary code in an authenticated user’s browser and print sensitive information.  CVE-2015-1179 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/...

INEA ME RTU

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: INEA Equipment: ME RTU  Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ME RTU, a remote terminal unit, are affected:  ME RTU: versions prior to 3.36 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78  Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to operating system (OS) command injection, which could allow an attacker to remotely execute arbitrary code.  CVE-2023-2131 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).  3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy, Water and Wastewater, Transportation  COUNTRIES/AREAS DEPLOYED: ...

Schneider Electric Easy UPS Online Monitoring Software

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Schneider Electric  Equipment: APC Easy UPS Online Monitoring Software, Schneider Electric Easy UPS Online Monitoring Software  Vulnerabilities: Missing Authentication for Critical Function, Improper Handling of Case Sensitivity  2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution, escalation of privileges, or authentication bypass, which then result in malicious web code execution or loss of device functionality.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Easy UPS Online Monitoring Software for Windows 10, 11, Windows Server 2016, 2019, 2022 are affected:  APC Easy UPS Online Monitoring Software: Version V2.5-GA-01-22320 and prior  Schneider Electric Easy UPS Online Monitoring Software: Version V2.5-GA-01-22320 and prior  3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306  A v...

Omron CS/CJ Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Omron  Equipment: SYSMAC CS/CJ Series  Vulnerability: Missing Authentication for Critical Function  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information in the file system and memory.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Omron CS/CJ series, programmable logic controllers, are affected:  SYSMAC CJ2H-CPU6[]-EIP: all versions  SYSMAC CJ2H-CPU6[]: all versions  SYSMAC CJ2M-CPU[][]: all versions  SYSMAC CJ1G-CPU[][]P: all versions  SYSMAC CS1H-CPU[][]H: all versions  SYSMAC CS1G-CPU[][]H: all versions  SYSMAC CS1D-CPU[][]HA: all versions  SYSMAC CS1D-CPU[][]H: all versions  SYSMAC CS1D-CPU[][]SA: all versions  SYSMAC CS1D-CPU[][]S: all versions  SYSMAC CS1D-CPU[][]P: all versions  3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306  Omron CS/CJ series programmable...

Siemens CPCI85 Firmware of SICAM A8000 Devices

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens  Equipment: CPCI85 Firmware of SICAM A8000 Devices  Vulnerability: Improper Neutralization of Special Elements used in a Command ('Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  CP-8031 MASTER MODULE (6MF2803-1AA00): All versions prior to CPCI85 V05  CP-8050 MASTER MODULE (6MF2805-0AA00): All versions prior to CPCI85 V05  3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77  Affected devices are vulnerable to command injection via the web server port 443/TCP if the parameter “Remote Operation” is enabled; this parameter is disabled by default. This vulnerability could allow an unauthenticated remote at...

Siemens Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens  Equipment: Industrial Products  Vulnerabilities: Use After Free, Deadlock, Allocation of Resources Without Limits or Throttling  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0): All versions  SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0): All versions  SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants): All versions  SIMATIC CP 1243-1 IEC (incl. SIPLUS variants): All v...