us-cert

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Envoy Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain root access to the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Enphase Envoy, an energy monitoring device, is affected: Envoy: D7.0.88 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 Enphase Envoy versions D7.0.88 and prior are vulnerable to a command injection exploit that may allow an attacker to execute root commands. CVE-2023-33869 has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: United ...

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: SUBNET Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Cross-site Scripting, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload malicious scripts or perform a denial-of-service type attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SUBNET PowerSYSTEM Center, a multi-function management platform, are affected: PowerSYSTEM Center: 2020 U10 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications. CVE-2023-32659 h...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMOTION Vulnerability: Exposure of Sensitive Information Due to Incompatible Policies 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: SIMOTION C240 (6AU1240-1AA00-0AA0): All versions including V5.4 and later but prior to V5.5 SP1 SIMOTION C240 PN (6AU1240-1AB00-0AA0): All versions including V5.4 and later but prior to V5.5 SP1 SIMOTION D410-2 DP (6AU1410-2AA00...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC V7 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to inject arbitrary code and escalate privileges if a non-default installation path was chosen during installation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected:  SIMATIC WinCC: All versions prior to V7.5.2.13 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 Affected applications fail to set proper access rights for t...

1. EXECUTIVE SUMMARY CVSS v3 9.8  ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Untrusted Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker gaining remote file system access and achieving remote command execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Advantech WebAccess/SCADA, a browser-based SCADA software package, are affected: WebAccess/SCADA: All versions prior to 9.1.4 3.2 VULNERABILITY OVERVIEW 3.2.1 UNTRUSTED POINTER DEREFERENCE CWE-822 All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent client could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files. CVE-2023-1437 has been assigned to this vulnerability. A CVS...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 3.9 ATTENTION: Exploitable from an adjacent network Vendor: Siemens Equipment: SIMATIC Products Vulnerability: Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain unauthorized access to product control and data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: SIMATIC NET PC Software V14: All versions SIMATIC NET PC Software V15: All versions SIMATIC PCS 7 V8.2: All versions SIMATIC PCS 7 V9.0: All versions SIMATIC PCS 7 V9.1: All versions SIMATIC WinCC: All versions prior to V8.0 SINAUT Software ST7sc: All versions 3.2 VULNERABILITY ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  1. EXECUTIVE SUMMARY ​CVSS v3 9.9 ​ATTENTION: Exploitable remotely / low attack complexity ​Vendor: Siemens ​Equipment: POWER METER SICAM Q200 family ​Vulnerabilities: Session Fixation, Improper Input Validation, Cross-Site Request Forgery, Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could lead to remote code execution or denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Siemens reports these vulnerabilities were identified in the webserver of the following Q200 devices: ​POWER METER SICAM Q200 family: versions prior to V2.70 3.2 VULNERABILITY OVERVIEW 3.2.1 ​SESSION FIXATION CWE-384 ​...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Totally Integrated Automation (TIA) Portal Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project, without the knowledge of the know-how protection password. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: Totally Integrated Automation Portal (TIA Portal) V14: All versions Totally Integrated Automation Portal (TIA Portal) V15: All versions Totally Integrated Automation Por...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: Solid Edge SE2023: All versions prior to V223.0 Update 5 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 Open Design Alliance Drawings SDK (versions before 2024.1) is vulnerable to an out-of-bounds read when reading a DWG file. This could allow an attacker to execute code in the context of the cur...

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity ​Vendor: Siemens ​Equipment: SINAMICS MV (medium voltage) products ​Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Use After Free, Improper Authentication, OS Command Injection, Improper Certificate Validation, Improper Resource Shutdown or Release, Allocation of Resources Without Limits or Throttling, Incorrect Default Permissions, Improper Validation of Syntactic Correctness of Input, Improper Input Validation 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could lead to information leaks, denial of service, code execution, or grant access to an extern...