Security
Headlines

Source

us-cert

PiiGAB M-Bus

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PiiGAB, Processinformation i Göteborg Aktiebolag Equipment: M-Bus SoftwarePack 900S Vulnerabilities: Code Injection, Improper Restriction of Excessive Authentication Attempts, Unprotected Transport of Credentials, Use of Hard-coded Credentials, Plaintext Storage of a Password, Cross-site Scripting, Weak Password Requirements, Use of Password Hash with Insufficient Computational Effort, Cross-Site Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to inject arbitrary commands, steal passwords, or trick valid users into executing malicious commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS PiiGAB reports these vulnerabilities affect the following wireless meter reading software: M-Bus SoftwarePack 900S 3.2 VULNERABILITY OVERVIEW 3.2.1 CODE INJECTION CWE-94 PiiGAB M-Bus does not correctly sanitize user input, which could all...

ABUS TVIP

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ABUS Equipment: ABUS Security Camera Vulnerability: Command injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary file reads or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ABUS TVIP, an indoor security camera, are affected: ABUS TVIP: 20000-21150 3.2 VULNERABILITY OVERVIEW 3.2.1 COMMAND INJECTION CWE-77 ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. CVE-2023-26609 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Germany 3.4 RESEARCHER...

Delta Electronics InfraSuite Device Master

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerabilities: Improper Access Control, Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges or remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta Electronics products are affected: InfraSuite Device Master: Versions prior to 1.0.7 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER ACCESS CONTROL CWE-284 An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. CVE-2023-34316 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.2 IMPROPER ACCESS CONTROL CWE-284 Delta Electronics In...

Schneider Electric EcoStruxure Operator Terminal Expert

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity/public exploits are available Vendor: Schneider Electric Equipment: EcoStruxure Operator Terminal Expert VXDZ Vulnerability: Improper Control of Generation of Code ('Code Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code and gain access to sensitive information on the machine. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric EcoStruxure Operator Terminal Expert, a human machine interface (HMI) application, are affected: EcoStruxure Operator Terminal Expert: Versions 3.3 SP1 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94 Schneider Electric EcoStruxure Operator Terminal Expert versions 3.3 SP1 and prior are vulnerable to a code injection attack that could allow an attacker to execute arbitrary code and gain access to all information on the machine. ...

Ovarro TBox RTUs

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ovarro Equipment: TBox RTUs Vulnerabilities: Missing Authorization, Use of Broken or Risky Cryptographic Algorithm, Inclusion of Functionality from Untrusted Control Sphere, Insufficient Entropy, Improper Authorization, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in sensitive system information being exposed and privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following firmware versions of TBox RTUs are affected: TBox MS-CPU32: Version 1.50.598 and prior (CVE-2023-36607, CVE-2023-36609, CVE-2023-36610, CVE-2023-36611) TBox MS-CPU32-S2: Version 1.50.598 and prior (CVE-2023-36607, CVE-2023-36609, CVE-2023-36610, CVE-2023-36611) TBox LT2: Version 1.50.598 and prior (CVE-2023-36607, CVE-2023-36609, CVE-2023-36610, CVE-2023-36611) TBox TG2: Version 1.50.598 and prior (CVE-2023-36607, CVE-2023-3660...

Mitsubishi Electric MELSEC-F Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-F Series Vulnerability: Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to log in to the product by sending specially crafted packets. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports this vulnerability affects the following MELSEC-F Series products if they are used with Ethernet communication special adapter FX3U-ENET-ADP or Ethernet communication block FX3U-ENET(-L). These products are sold in limited regions: FX3U-xMy/z x=16,32,48,64,80,128, y=T,R, z=ES,ESS,DS,DSS *1: All versions FX3U-32MR/UA1, FX3U-64MR/UA1 *1: All versions FX3U-32MS/ES, FX3U-64MS/ES *1: All versions FX3U-xMy/ES-A x=16,32,48,64,80,128, y=T,R *1*2: All versions FX3UC-xMT/z x=16,32,64,96, z=D,DSS *1: All versions FX3UC-16MR/D-T, FX3UC-16MR/DS-T *1: All versions FX3UC-32MT...

Hitachi Energy FOXMAN-UN and UNEM Products

1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: High attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN, UNEM Products Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could permit an attacker to access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of FOXMAN-UN and UNEM, network management system toolsets, are affected: FOXMAN-UN: Version R16A FOXMAN-UN: Version R15B FOXMAN-UN: Version R15A UNEM: Version R16A UNEM: Version R15B UNEM: Version R15A The following version and sub-versions of FOXMAN-UN and UNEM, network management system toolsets, are affected: FOXMAN-UN: Version R14B FOXMAN-UN: Version R14A FOXMAN-UN: Version R11B FOXMAN-UN: Version R11A FOXMAN-UN: Version R10C FOXMAN-UN: Version R9C UNEM: Version R14B UNEM: Version R14A UNEM: Version R11B UNEM: Version R11A UNEM: Version R10C UNEM: Version R9C 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER OUTPUT ...

Advantech R-SeeNet

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerabilities: Hard Coded Password, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to authenticate as a valid user or access files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Advantech reports these vulnerabilities affect the following R-SeeNet monitoring application: R-SeeNet: versions 2.4.22 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Advantech R-SeeNet is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. CVE-2023-2611 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.2 EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73 ...

SpiderControl SCADAWebServer

1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: SpiderControl Equipment: SCADAWebServer Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SCADAWebServer are affected: SCADAWebServer: Versions 2.08 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. CVE-2023-3329 has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vecto...

Enphase Installer Toolkit Android App

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Enphase Installer Toolkit Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow sensitive information to be obtained by an attacker using hard-coded credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Enphase Installer Toolkit, a software application, is affected: Installer Toolkit: 3.27.0 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Enphase Installer Toolkit versions 3.27.0 and prior have hard-coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information. CVE-2023-32274 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Ener...