Security Headlines

Source: us-cert

Siemens SIMATIC S7-1500 TM MFP BIOS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely / low attack complexity
Vendor: Siemens
Equipment: SIMATIC S7-1500 TM MFP
Vulnerabilities: Improper Input Validation, Out-of-bounds Read, Use After Free, Out-of-bounds Write, Infinite Loop, Reachable Assertion, Off-by-one Error, Incorrect Default Permissions, Double Free, Improper Handling of Exceptional Conditions, Integer Overflow or Wraparound, NULL Pointer Dereference, Release of Invalid Pointer or Reference, Race Condition, Improper Restriction of Operations within the Bounds of a Memory Buffer, Non-exit on Failed Initialization, Missing Encryption of Sensitive Data, Classic Buffer Overflow, Uncontrolled Re...

Siemens SICAM A8000 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY
CVSS v3 7.2
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: SICAM A8000 Devices
Vulnerabilities: Command Injection, Use of Hard-coded Credentials, Exposed Dangerous Method or Function

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker with direct physical access to crack the root password and log in to the device, or to remotely execute arbitrary code with root privileges.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products from Siemens are affected:
CP-8031 MASTER MODULE (6MF2803-1AA00): All versions prior to CPCI85 V05
CP-8050 MASTER MODULE (6MF2805-0AA00): All versions prior to C...

Siemens SIMATIC STEP 7 and Derived Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY
CVSS v3 9.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIMATIC PCS 7, SIMATIC S7-PM, SIMATIC STEP 7 V5
Vulnerability: Improper Control of Generation of Code ('Code Injection')

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products from Siemens are affected:
SIMATIC PCS 7: All versions
SIMATIC S7-PM: All versions
SIMATIC STEP 7 V5: All versions prior to V5.7

3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPE...

Rockwell Automation FactoryTalk Edge Gateway

1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Low attack complexity
Vendor: Rockwell Automation
Equipment: FactoryTalk Edge Gateway
Vulnerability: Out-of-bounds Read

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a local user to cause the program to crash, causing a denial of service.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Rockwell Automation reports this vulnerability affects the following FactoryTalk Edge Gateway products:
FactoryTalk Edge Gateway: v1.3

3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
An out of bounds array read vulnerability was fixed in the apr_time_exp*() function in the Apache Portable Runtime v1.6.3 (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. CVE-2021-35940 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/...
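The APR regression above is worth seeing in code, because the bug class is simple and the lesson is about process: a fix that lands on one release branch and never reaches the next. The C below is an added, illustrative reimplementation written for this page; it is not APR's source, not part of the CISA advisory, and not Rockwell's code. It converts a broken-down UTC time to seconds since the Unix epoch the way apr_time_exp_get() does conceptually: the year is shifted to start on 1 March so the leap day falls at the end, and a 12-entry table gives each month's day offset. The unchecked variant indexes that table with whatever tm_mon the caller supplies, so tm_mon = 12 or -1 reads adjacent static memory (the CVE-2017-12613 trigger is an invalid month field); the checked variant rejects out-of-range months before the lookup. The struct, function names, constants and the month_guard_holds() regression test are my own assumptions, not APR identifiers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative only (not APR source): broken-down UTC time with the same
 * field meanings as struct tm / apr_time_exp_t
 * (tm_year = years since 1900, tm_mon = 0..11, tm_mday = 1..31). */
struct exp_time {
    int tm_sec, tm_min, tm_hour, tm_mday, tm_mon, tm_year;
};

#define TIME_OK        0
#define TIME_EBADDATE (-1)   /* stands in for an APR_EBADDATE-style error */

/* Day offset of the 1st of each month when the year is taken to start on
 * 1 March, so 29 Feb is the last day of the year.  Twelve entries: any
 * tm_mon outside 0..11 indexes past the table. */
static const int dayoffset[12] = {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};

/* 1 Jan 1970 expressed as days since 1 Mar 1900 in the shifted-year scheme. */
#define EPOCH_SHIFTED_DAYS 25508

static int64_t shifted_days(const struct exp_time *xt)
{
    int year = xt->tm_year;
    int64_t days;
    if (xt->tm_mon < 2)
        year--;                    /* Jan/Feb belong to the previous March-year */
    /* Leap years since 1900: every 4th, minus centuries, plus every 400th. */
    days = (int64_t)year * 365 + year / 4 - year / 100 + (year / 100 + 3) / 4;
    days += dayoffset[xt->tm_mon] + xt->tm_mday - 1;   /* the out-of-bounds read site */
    return days - EPOCH_SHIFTED_DAYS;
}

/* Vulnerable shape: trusts tm_mon.  Only call with tm_mon in 0..11. */
int64_t exp_get_unchecked(const struct exp_time *xt)
{
    int64_t days = shifted_days(xt);
    return ((days * 24 + xt->tm_hour) * 60 + xt->tm_min) * 60 + xt->tm_sec;
}

/* Hardened shape: validate the fields that become array indices or
 * arithmetic inputs before they are used. */
int exp_get_checked(const struct exp_time *xt, int64_t *out)
{
    if (xt->tm_mon < 0 || xt->tm_mon >= 12)
        return TIME_EBADDATE;
    if (xt->tm_mday < 1 || xt->tm_mday > 31)
        return TIME_EBADDATE;
    int64_t secs = exp_get_unchecked(xt);   /* safe: index is now bounded */
    if (secs < 0)
        return TIME_EBADDATE;               /* dates before the epoch rejected */
    *out = secs;
    return TIME_OK;
}

/* The regression test that should travel with the fix to every maintained
 * branch: 1 if the guard rejects every out-of-range month and accepts every
 * in-range one, 0 otherwise. */
int month_guard_holds(void)
{
    struct exp_time xt = {0, 0, 0, 1, 0, 100};   /* 2000-??-01 00:00:00 UTC */
    int64_t t;
    const int bad[] = {-1, 12, 13, 1000, -100};
    for (size_t i = 0; i < sizeof bad / sizeof bad[0]; i++) {
        xt.tm_mon = bad[i];
        if (exp_get_checked(&xt, &t) != TIME_EBADDATE)
            return 0;
    }
    for (int m = 0; m < 12; m++) {
        xt.tm_mon = m;
        if (exp_get_checked(&xt, &t) != TIME_OK)
            return 0;
    }
    return 1;
}

int main(void)
{
    struct exp_time leap = {0, 0, 0, 1, 2, 100};   /* 2000-03-01T00:00:00Z */
    int64_t t;
    if (exp_get_checked(&leap, &t) == TIME_OK)
        printf("2000-03-01T00:00:00Z -> %lld\n", (long long)t);
    printf("month guard holds: %d\n", month_guard_holds());
    return 0;
}
```

The practical point for the Edge Gateway case is the last function: a bounds check with no test pinning it down is exactly the kind of change that gets lost when a branch is cut, so when auditing a bundled library such as APR, compare the affected function across the shipped version and the fixed one rather than trusting the version number alone.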

Datalogics Library Third-Party

1. EXECUTIVE SUMMARY
CVSS v3 5.5
ATTENTION: Low attack complexity
Vendor: Datalogics
Equipment: Library APDFL v18.0.4PlusP1e
Vulnerability: Stack-based buffer overflow

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to crash the device.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Datalogics library versions are affected:
Library APDFL v18.0.4PlusP1e and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121
The affected product has a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process. CVE-2023-1709 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).

3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Multiple
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Italy

3.4 RESEARCHER
Siemens rep...

Rockwell Automation FactoryTalk Transaction Manager

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: FactoryTalk Transaction Manager
Vulnerability: Uncontrolled Resource Consumption

2. RISK EVALUATION
Successful exploitation of this vulnerability could cause the application to crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The user would need to restart the application to recover from the denial of service.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Rockwell Automation reports this vulnerability affects the following FactoryTalk Transaction Manager products:
FactoryTalk Transaction Manager: versions 13.10 and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400
A denial-of-service vulnerability exists in the affected products. A threat actor could send a modified packet to port 400 to exploit this vulnerability. If exploited, the application could crash or experience a h...

Rockwell Automation FactoryTalk Services Platform

1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: FactoryTalk Services Platform
Vulnerabilities: Use of Hard-coded Cryptographic Key, Improper Authentication, Origin Validation Error

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose information, load malicious configuration files, or elevate privileges from a user to an administrator.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Rockwell Automation products are affected:
FactoryTalk Policy Manager: v6.11.0
FactoryTalk System Services: v6.11.0

3.2 VULNERABILITY OVERVIEW
3.2.1 USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321
Hard-coded cryptographic key vulnerabilities could lead to privilege escalation. FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. This vulnerability could allow a local authenticated non-admin user to generate an invalid a...

Sensormatic Electronics Illustra Pro Gen 4

1. EXECUTIVE SUMMARY
CVSS v3 8.3
ATTENTION: Exploitable via adjacent network
Vendor: Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.
Equipment: Illustra Pro Gen 4
Vulnerability: Active Debug Code

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to compromise device credentials over a long period of sustained attack.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Sensormatic Electronics Illustra Pro Gen 4 are affected:
Pro Gen 4 Dome: Up to and including Illustra.SS016.05.09.04.0006
Pro Gen 4 PTZ: Up to and including Illustra.SS010.05.09.04.0022

3.2 VULNERABILITY OVERVIEW
3.2.1 ACTIVE DEBUG CODE CWE-489
Sensormatic Electronics Illustra Pro Gen 4 contains a debug feature that is incorrectly set to enabled on newly manufactured cameras. Under some circumstances, over a long period of sustained attack, this could allow compromise of device credentials. CVE-2023-0954 has been assigned to this vulnerabi...

Atlas Copco Power Focus 6000

1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Atlas Copco
Equipment: Power Focus 6000
Vulnerabilities: Cleartext Storage of Sensitive Information, Small Space of Random Values, Cleartext Transmission of Sensitive Information

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could cause a loss of sensitive information and the takeover of a user’s active session.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Power Focus 6000, a smart connected assembly product, are affected:
Power Focus 6000: All versions

3.2 VULNERABILITY OVERVIEW
3.2.1 CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312
Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller. CVE-2023-1897 has been assigned to this vulnerability. A CVSS v3 base score of...

Delta Electronics CNCSoft-B DOPSoft

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: CNCSoft-B DOPSoft
Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to exploit a buffer overflow condition and remotely execute arbitrary code.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of CNCSoft-B DOPSoft, a human machine interface (HMI), are affected:
CNCSoft-B DOPSoft: versions 1.0.0.4 and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121
Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. CVE-2023-25177 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.2 HEAP-BASED BUFFER OVERFLOW CWE-122
Delta Elect...