Source
us-cert

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: FESTO, FESTO Didactic
Equipment: CIROS Studio / Education, Automation Suite, FluidDraw, FluidSIM, MES-PC
Vulnerability: Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain full control of the host system, including remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
FESTO, FESTO Didactic reports that the following products are affected:
FESTO Didactic CIROS Studio / Education: 6.0.0 - 6.4.6
FESTO Didactic CIROS Studio / Education: 7.0.0 - 7.1.7
FESTO Festo Automation Suite: <= 2.6.0.481
FESTO FluidDraw: P6 <= 6.2k
FESTO FluidDraw: 365 <= 7.0a
FESTO Didactic FluidSIM: 5 all versions
FESTO Didactic FluidSIM: 6 <= 6.1c
FESTO Didactic MES-PC: shipped before December 2023
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network servi...

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: FESTO Didactic
Equipment: CP, MPS 200, MPS 400
Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
FESTO Didactic reports that the following products are affected:
FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic CP including S7 PLC(All versions): All versions
FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic MPS 200 Systems(All versions): All versions
FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic MPS 400 Systems(All versions): All versions
3.2 VULNERABILITY OVERVIEW
3...

1. EXECUTIVE SUMMARY
CVSS v4 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Voltronic Power, PowerShield
Equipment: Viewpower, NetGuard
Vulnerabilities: Exposed Dangerous Method or Function, Forced Browsing
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker remotely to make configuration changes, resulting in shutting down UPS connected devices or execution of arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Voltronic Power and PowerShield UPS monitoring software is affected, as well as other derivative products:
Voltronic Power Viewpower: Version 1.04-24215 and prior
Voltronic Power ViewPower Pro: Version 2.2165 and prior
Powershield NetGuard: Version 1.04-22119 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 EXPOSED DANGEROUS METHOD OR FUNCTION CWE-749
The UPS management software normally allows a properly authenticated and authorized user using a web interface to configure the s...

1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: Relion 670/650 and SAM600-IO
Vulnerability: Allocation of Resources Without Limits or Throttling
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow attackers to cause a denial-of-service that disrupts critical functions in the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports that the following products are affected:
Hitachi Energy Relion 650: All versions from 2.2.4.0 to 2.2.4.4
Hitachi Energy Relion 650: All versions from 2.2.5.0 to 2.2.5.6
Hitachi Energy Relion 650: All versions from 2.2.6.0 to 2.2.6.2
Hitachi Energy Relion 670: 2.2.2.6
Hitachi Energy Relion 670: 2.2.3.7
Hitachi Energy Relion 670: All versions from 2.2.4.0 to 2.2.4.4
Hitachi Energy Relion 670: All versions from 2.2.5.0 to 2.2.5.6
Hitachi Energy Relion 670: All versions from 2.2.6.0 to 2.2.6.2
Hitachi Energy SAM600-IO: All versions from 2....

1. EXECUTIVE SUMMARY
CVSS v4 5.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: Modular Switchgear Monitoring (MSM)
Vulnerability: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow attackers to execute untrusted code, potentially leading to unauthorized actions or system compromise.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports the following products are affected:
Hitachi Energy MSM: Version 2.2.9 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e., .html(), .append(), and others) may result in the execution of untrusted code. CVE-2020-11022 has b...

1. EXECUTIVE SUMMARY
CVSS v4 5.3
ATTENTION: Low attack complexity
Vendor: TrendMakers
Equipment: Sight Bulb Pro
Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Improper Neutralization of Special Elements used in a Command ('Command Injection')
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to capture sensitive information and execute arbitrary shell commands on the target device as root if connected to the local network segment.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of the Sight Bulb Pro Firmware are affected:
Sight Bulb Pro Firmware ZJ_CG32-2201: Version 8.57.83 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327
During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt co...

1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: Air conditioning systems
Vulnerability: Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to control the air conditioning system.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Mitsubishi Electric reports the following air conditioning systems are affected:
G-50: Ver.3.37 and prior
G-50-W: Ver.3.37 and prior
G-50A: Ver.3.37 and prior
GB-50: Ver.3.37 and prior
GB-50A: Ver.3.37 and prior
GB-24A: Ver.9.12 and prior
G-150AD: Ver.3.21 and prior
AG-150A-A: Ver.3.21 and prior
AG-150A-J: Ver.3.21 and prior
GB-50AD: Ver.3.21 and prior
GB-50ADA-A: Ver.3.21 and prior
GB-50ADA-J: Ver.3.21 and prior
EB-50GU-A: Ver.7.11 and prior
EB-50GU-J: Ver.7.11 and prior
AE-200J: Ver.8.01 and prior
AE-200A: Ver.8.01 and prior
AE-200E: Ver.8.01 and prior
AE-50J: Ver.8.01 and prior
AE-50A: Ver.8.01 an...

1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: MICROSENS
Equipment: NMP Web+
Vulnerabilities: Use of Hard-coded, Security-relevant Constants, Insufficient Session Expiration, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain system access, overwrite files or execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of NMP Web+ are affected:
NMP Web+: Version 3.2.5 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 USE OF HARD-CODED, SECURITY-RELEVANT CONSTANTS CWE-547
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication. CVE-2025-49151 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). A CVSS v4 score h...

1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Parsons
Equipment: AccuWeather and Custom RSS widget
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to insert a malicious link that users might access through the RSS feed.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of AccuWeather and Custom RSS widget are affected:
Parsons Utility Enterprise Data Management: Version 5.18
Parsons Utility Enterprise Data Management: Version 5.03
Parsons Utility Enterprise Data Management: Versions 4.02 through 4.26
Parsons Utility Enterprise Data Management: Version 3.30
AclaraONE Utility Portal: versions prior to 1.22
3.2 VULNERABILITY OVERVIEW
3.2.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79
A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthentica...

1. EXECUTIVE SUMMARY
CVSS v4 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: EVLink WallBox
Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain remote control of the charging station.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following products are affected:
EVLink WallBox: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability exists, which could cause arbitrary file writes when an unauthenticated user on ...