Security
Headlines

Source

us-cert

CP Plus KVMS Pro

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: CP Plus
Equipment: KVMS Pro
Vulnerability: Insufficiently Protected Credentials
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to retrieve sensitive credentials and control the entire CCTV system.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of CP Plus KVMS Pro, a software management platform, are affected:
KVMS Pro V2.01.0.T.190521 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected.
CVE-2023-1518 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
COUNTRIES/AREAS DEPLOYED: Worldwide
...

ABB Pulsar Plus Controller

1. EXECUTIVE SUMMARY
CVSS v3 6.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: ABB
Equipment: Pulsar Plus Controller
Vulnerabilities: Use of Insufficiently Random Values, Cross-Site Request Forgery (CSRF)
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to take control of the product or execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of ABB Pulsar Plus Controller are affected:
ABB Infinity DC Power Plant – H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415
ABB Pulsar Plus System Controller – NE843_S – comcode 150042936
3.2 VULNERABILITY OVERVIEW
3.2.1 CROSS-SITE REQUEST FORGERY (CSRF) CWE-352
There are several fields in the web pages where a user can enter arbitrary text, such as a description of an alarm or a rectifier. These represent a cross-site scripting vulnerability where JavaScript code can be entered as the description with the potential of causing...

SAUTER EY-modulo 5 Building Automation Stations

1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: SAUTER
Equipment: EY-modulo 5 Building Automation Stations
Vulnerabilities: Cross-site Scripting, Cleartext Transmission of Sensitive Information, and Unrestricted Upload of File with Dangerous Type
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to privilege escalation, unauthorized execution of actions, a denial-of-service condition, or retrieval of sensitive information.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
SAUTER reports these vulnerabilities affect the following EY-modulo 5 Building Automation Stations:
EY-AS525F001 with moduWeb
3.2 VULNERABILITY OVERVIEW
3.2.1 CROSS-SITE SCRIPTING CWE-79
An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security context.
CVE-2023-28650 has been assi...

RoboDK

1. EXECUTIVE SUMMARY
CVSS v3 7.9
ATTENTION: Low attack complexity
Vendor: RoboDK
Equipment: RoboDK
Vulnerability: Incorrect Permission Assignment for Critical Resource
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to escalate privileges, which could allow attackers to write files to the RoboDK directory and achieve code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of RoboDK, a programming and simulation software, are affected:
RoboDK v5.5.3 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732
RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution.
CVE-2023-1516 has been assigned to this vulnerability. A CVSS v3 base score of 7.9 has been calculated; the CVSS vector string is (A...

ProPump and Controls Osprey Pump Controller

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: ProPump and Controls, Inc.
Equipment: Osprey Pump Controller
Vulnerabilities: Insufficient Entropy, Use of GET Request Method with Sensitive Query Strings, Use of Hard-coded Password, OS Command Injection, Cross-site Scripting, Authentication Bypass using an Alternate Path or Channel, Cross-Site Request Forgery, Command Injection
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, retrieve sensitive information, modify data, cause a denial-of-service, and/or gain administrative control.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following version of Osprey Pump Controller, pumping systems, and automated controls is affected:
Osprey Pump Controller version 1.01
3.2 VULNERABILITY OVERVIEW
3.2.1 INSUFFICIENT ENTROPY CWE-331
Osprey Pump Controller version 1.01 is vulnerable to a predicta...

Siemens RADIUS Client of SIPROTEC 5 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens ProductCERT
Equipment: RADIUS client of SIPROTEC 5 devices
Vulnerability: Loop with Unreachable Exit Condition ('Infinite Loop')
2. RISK EVALUATION
The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a denial-of-service vulnerability that could be triggered when a specially crafted packet is sent by a RADIUS server.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following software from Siemens is affected:
SIPROTEC 5 6MD85 (CP300) - >= V7.80 = V7.80 = V7.80
SIPROTEC 5 6MU85 (CP300) - >= V7.90 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 =...

Delta Electronics InfraSuite Device Master

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Delta Electronics
Equipment: InfraSuite Device Master
Vulnerabilities: Deserialization of Untrusted Data, Improper Access Control, Exposed Dangerous Method or Function, Path Traversal, Improper Authentication, Command Injection, Incorrect Permission Assignment for Critical Resource, Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to obtain access to files and credentials, escalate privileges, and remotely execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of InfraSuite Device Master, a real-time device monitoring software, are affected:
Versions prior to 1.0.5
3.2 VULNERABILITY OVERVIEW
3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-stat...

VISAM VBASE Automation Base

1. EXECUTIVE SUMMARY
CVSS v3 5.5
ATTENTION: Low attack complexity
Vendor: VISAM
Equipment: VBASE
Vulnerabilities: Improper Restriction of XML External Entity Reference
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information from the target device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
VISAM reports these vulnerabilities affect the following VBASE products:
VBASE Automation Base: versions prior to 11.7.5
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
CVE-2022-41696 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).
3.2.2 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611
Versions of VISAM VBASE Automation Base prior t...

Siemens RUGGEDCOM APE1808 Product Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
CVSS v3 8.2
ATTENTION: Low attack complexity/public exploits available
Vendor: Siemens ProductCERT
Equipment: RUGGEDCOM APE1808 Product Family
Vulnerabilities: Time-of-check Time-of-use (TOCTOU) Race Condition
2. RISK EVALUATION
Exploitation of these vulnerabilities on affected products could lead to system crashing or escalation of privileges.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following software from Siemens is affected:
RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0) - vers:all/*
RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1) - vers:all/*
RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0) - vers:all/*
RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1)...

Rockwell Automation ThinManager

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: ThinManager ThinServer
Vulnerabilities: Path Traversal, Heap-Based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to potentially perform remote code execution on the target system/device or crash the software.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software, are affected:
ThinManager ThinServer: Versions 6.x – 10.x
ThinManager ThinServer: Versions 11.0.0 – 11.0.5
ThinManager ThinServer: Versions 11.1.0 – 11.1.5
ThinManager ThinServer: Versions 11.2.0 – 11.2.6
ThinManager ThinServer: Versions 12.0.0 – 12.0.4
ThinManager ThinServer: Versions 12.1.0 – 12.1.5
ThinManager ThinServer: Versions 13.0.0 – 13.0.1
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER LIMIT...