Source
us-cert
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: FANUC Equipment: ROBOGUIDE-HandlingPRO Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read and/or overwrite files on the system running the affected software. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ROBOGUIDE-HandlingPRO, a robot simulation software, are affected: ROBOGUIDE-HandlingPRO: Versions 9 Rev.ZD and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software. CVE-2023-1864 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). 3.3 BACKGROUND CRITIC...
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: JTEKT ELECTRONICS CORPORATION Equipment: Screen Creator Advance 2 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of JTEKT ELECTRONICS Screen Creator Advance 2, a software program, are affected: JTEKT ELECTRONICS Screen Creator Advance 2: Ver0.1.1.4 Build01 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 When an out-of-specification error is detected, an out-of-bounds write may occur because there is no error handling process. CVE-2023-22345 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.2 OUT-OF-BOUNDS READ CWE-125 An out-of-bounds read may occur ...
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Korenix Equipment: Jetwave Vulnerabilities: Command Injection, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the underlying operating system of the device or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Korenix Jetwave are affected: Korenix JetWave4221 HP-E versions V1.3.0 and prior Korenix JetWave 3220/3420 V3 versions prior to V1.7 Korenix JetWave 2212G version V1.3.T Korenix JetWave 2212X/2112S version V1.3.0 Korenix JetWave 2211C versions prior to V1.6 Korenix JetWave 2411/2111 versions prior to V1.5 Korenix JetWave 2411L/2111L versions prior to V1.6 Korenix JetWave 2414/2114 versions prior to V1.4 Korenix JetWave 2424 versions prior to V1.3 Korenix JetWave 2460 versions prior to V1.6 3.2 VULNERABILITY OVERVIE...
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Industrial Control Links Equipment: ScadaFlex II SCADA Controllers Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to overwrite, delete, or create files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Industrial Control Links ScadaFlex II SCADA Controllers are affected: SW: 1.03.07 (build 317), WebLib: 1.24 SW: 1.02.20 (build 286), WebLib: 1.24 SW: 1.02.15 (build 286), WebLib: 1.22 SW: 1.02.01 (build 229), WebLib: 1.16 SW: 1.01.14 (build 172), WebLib: 1.14 SW: 1.01.01 (build 2149), WebLib: 1.13 3.2 VULNERABILITY OVERVIEW 3.2.1 EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73 On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 devices, unauthenticated remote attackers can overwrite, delete, or create files. This allows an atta...
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: mySCADA Technologies Equipment: mySCADA myPRO Vulnerabilities: OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated user to inject arbitrary operating system commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of myPRO HMI/SCADA systems are affected: myPRO: versions 8.26.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 OS COMMAND INJECTION CWE-78 mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. CVE-2023-28400 has been assigned to this vulnerability. A CVSS v3 base score of 9.9 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 3.2.2 OS COMMAND INJECTION CWE-78 mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated use...
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: JTEKT ELECTRONICS CORPORATION Equipment: Kostac PLC Programming Software Vulnerabilities: Out-of-bounds Read, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of JTEKT ELECTRONICS Kostac PLC Programming Software are affected: JTEKT ELECTRONICS Kostac PLC Programming Software: Versions 1.6.9.0 and earlier 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 When a specially crafted project file is opened, an out-of-bounds read occurs when processing a comment block in stage information because the end of data cannot be verified. CVE-2023-22419 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.2 OUT-OF-BOUNDS READ CWE-12...
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA System Data Manager SDM600 Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Improper Authorization, Improper Resource Shutdown or Release, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take remote control of the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy’s MicroSCADA SDM600, a data management tool, are affected: SDM600: Versions prior to v1.2 FP3 HF4 (Build Nr. 1.2.23000.291) SDM600: Versions prior to v1.3.0 (Build Nr. 1.3.0.1339) 3.2 VULNERABILITY OVERVIEW 3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434 A vulnerability exists in the affected SDM600 versions’ file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially cra...
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Nexx Equipment: Garage Door Controller, Smart Plug, Smart Alarm Vulnerabilities: Use of Hard-coded Credentials, Authorization Bypass through User-controlled Key, Improper Input Validation, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to receive sensitive information, execute application programmable interface (API) requests, or hijack devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Nexx Smart Home devices are affected: Nexx Garage Door Controller (NXG-100B, NXG-200): Version nxg200v-p3-4-1 and prior Nexx Smart Plug (NXPG-100W): Version nxpg100cv4-0-0 and prior Nexx Smart Alarm (NXAL-100): Version nxal100v-p1-9-1 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 CVE-2023-1748 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculat...
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: IEC 61850 MMS-Server Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could cause products using the IEC 61850 MMS-server communication stack to stop accepting new MMS-client connections. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy equipment using the IEC 61850 communication stack are affected: TXpert Hub CoreTec 4 version 2.0.x TXpert Hub CoreTec 4 version 2.1.x TXpert Hub CoreTec 4 version 2.2.x TXpert Hub CoreTec 4 version 2.3.x TXpert Hub CoreTec 4 version 2.4.x TXpert Hub CoreTec 4 version 3.0.x TXpert Hub CoreTec 5 version 3.0.x Tego1_r15b08 (FOX615 System Release R15B) Tego1_r2a16_03 (FOX615 System Release R14A) Tego1_r2a16 Tego1_r1e01 Tego1_r1d02 Tego1_r1c07 Tego1_r1b02 GMS600 version 1.3 Relion 670 1.2 (Limited) Relion 670 2.0 (Limited) Relion 650 version 1.1 (Limited) Relion...
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SAUTER Equipment: EY-modulo 5 Building Automation Stations Vulnerabilities: Cross-site Scripting, Cleartext Transmission of Sensitive Information, and Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to privilege escalation, unauthorized execution of actions, a denial-of-service condition, or retrieval of sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS SAUTER reports these vulnerabilities affect the following EY-modulo 5 Building Automation Stations: EY-AS525F001 with moduWeb 3.2 VULNERABILITY OVERVIEW 3.2.1 CROSS-SITE SCRIPTING CWE-79 An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security context. CVE-2023-28650 has been assi...