us-cert

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity   Vendor: Rockwell Automation   Equipment: ThinManager ThinServer  Vulnerabilities: Path Traversal, Heap-Based Buffer Overflow  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to potentially perform remote code execution on the target system/device or crash the software.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software, are affected:  ThinManager ThinServer: Versions 6.x – 10.x  ThinManager ThinServer: Versions 11.0.0 – 11.0.5  ThinManager ThinServer: Versions 11.1.0 – 11.1.5  ThinManager ThinServer: Versions 11.2.0 – 11.2.6  ThinManager ThinServer: Versions 12.0.0 – 12.0.4  ThinManager ThinServer: Versions 12.1.0 – 12.1.5  ThinManager ThinServer: Versions 13.0.0 – 13.0.1  3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMIT...

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Keysight Technologies Equipment: N6854A Geolocation Sever Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges in the affected device’s default configuration, resulting in remote code execution or deleting system files and folders. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Keysight monitoring products are affected: N6854A Geolocation Server versions 2.4.2 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1    DESERIALIZATION OF UNTRUSTED DATA CWE-502 N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. CVE-2023-1399 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely / low attack complexity  Vendor: Siemens  Equipment: Mendix SAML Module  Vulnerability: Incorrect Implementation of Authentication Algorithm  2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote attackers to bypass authentication and gain access to the application.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  Mendix SAML (Mendix 7 compatible): Versions 1.16.4 to 1.17.2  Mendix SAML (Mendix 8 compatible): Versions 2.2.0 to 2.2.3  Mendix SAML (Mendix 9 compatible, New Track): Versions 3.1.9 to 3.2.5  Mendix SAML (Mendix ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely   Vendor: Siemens   Equipment: RUGGEDCOM CROSSBOW  Vulnerabilities: Missing Authorization  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow authenticated remote attackers to perform unauthorized actions.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  Siemens RUGGEDCOM CROSSBOW: All versions prior to V5.2  3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHORIZATION CWE-862  The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to...

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Honeywell  Equipment: OneWireless Wireless Device Manager (WDM)  Vulnerabilities: Command Injection, Use of Insufficiently Random Values, Missing Authentication for Critical Function  2. RISK EVALUATION Successful exploitation of these vulnerabilities could disclose sensitive information, allow privilege escalation, or allow remote code execution.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Honeywell reports these vulnerabilities affect the following versions of OneWireless WDM:   All versions up to R322.1 3.2 VULNERABILITY OVERVIEW 3.2.1 COMMAND INJECTION CWE-77  While a backup is in progress, malicious users could enter a system command along with a backup configuration, which could result in the execution of unwanted commands.   CVE-2022-46361 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity  Vendor: Siemens  Equipment: Busybox Applet affecting SCALANCE and RUGGEDCOM products  Vulnerabilities: Out-of-bounds Write, Exposure of Sensitive Information to an Unauthorized Actor, Improper Locking, Improper Input Validation, NULL Pointer Dereference, Out-of-bounds Read, Release of Invalid Pointer or Reference, Use After Free, Improper Authentication, OS Command Injection, Improper Certificate Validation, Improper Resource Shutdown or Release, Race Condition, Uncaught Exception, Integer Underflow (Wrap or Wraparound), Classic Buffer Overflow, Double Free, Incorrect Authorization, Allocat...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely   Vendor: Siemens   Equipment: SCALANCE W1750D  Vulnerabilities: Inadequate Encryption Strength, Double Free, Use After Free, Improper Input Validation  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read memory contents, decrypt RSA-encrypted messages, or create a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0): All versions   SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0): All versions  SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0): All versions   3.2 VULN...

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity   Vendor: Rockwell Automation  Equipment: Modbus TCP Server Add-On Instruction (AOI)  Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to read the connected device’s Modbus TCP Server AOI information.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation Modbus TCP Server AOI, are affected:  Modbus TCP Server AOI: Versions 2.00 and 2.03  3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200  Versions of Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 are vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected devi...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity   Vendor: Siemens   Equipment: RUGGEDCOM CROSSBOW  Vulnerabilities: Missing Authorization, SQL Injection  2. RISK EVALUATION Successful exploitation of this vulnerability could allow authenticated remote attackers to access restricted data or execute arbitrary database queries via an SQL injection attack.   3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  Siemens RUGGEDCOM CROSSBOW: All versions prior to V5.3  3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHORIZATION CWE-862  In the affected application, the client query handler fails to check for pro...

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity   Vendor: Omron  Equipment: CJ1M PLC  Vulnerabilities: Improper Access Control    2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass user memory protections by writing to a specific memory address. An attacker can also overwrite passwords and lock engineers from reading their own memory regions.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following components of Omron CJ1M, a programmable logic controller, are affected:  SYSMAC CJ-series  CJ2H-CPU6 □ -EIP: All versions  CJ2H-CPU6 □: All versions  CJ2M-CPU □ □: All versions  CJ1G-CPU □ □ P: All versions  SYSMAC CS-series   CS1H-CPU □ □ H: All versions  CS1G-CPU □ □ H: All versions  CS1D-CPU □ □ HA: All versions  CS1D-CPU □ □ H: All versions  CS1D-CPU □ □ SA: All versions  CS1D-CPU □ □ S: All versions  CS1D-CPU □ □ P: All versions  SYSMAC CP-series  CP2E-E □ □ D □ - □: All versions  CP2E-S □ □...