Source
us-cert
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Password, Missing Password Field Masking, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to connect to the module via FTP and bypass authentication to log in. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports these vulnerabilities affect the following MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration tool: RJ71EIP91: All versions SW1DNN-EIPCT-BD: All versions FX5-ENET/IP: All versions SW1DNN-EIPCTFX5-BD: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 WEAK PASSWORD REQUIREMENTS CWE-521 Authentication bypass vulnerability in FTP function on EtherNet/IP ...
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: HID Global Equipment: SAFE Vulnerabilities: Modification of Assumed-Immutable Data 2. RISK EVALUATION Successful exploitation of this vulnerability could result in exposure of personal data or create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of HID’s SAFE, a personnel and access management software, are affected: HID SAFE using the optional External Visitor Manager portal: Versions 5.8.0 through 5.11.3 3.2 VULNERABILITY OVERVIEW 3.2.1 MODIFICATION OF ASSUMED-IMMUTABLE DATA CWE-471 The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the persona...
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess Node Vulnerabilities: Improper Control of Generation of Code ('Code Injection'), Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to arbitrarily overwrite files resulting in remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Advantech products are affected: WebAccess/SCADA versions 9.1.3 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94 In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. CVE-2023-32540 has been assigned to this vulnerab...
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Insufficient Type Distinction 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker full control over the supervisory control and data acquisition (SCADA) server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Advantech reports this vulnerability affect the following WebAccess/SCADA product: WebAccess/SCADA: version 8.4.5 3.2 VULNERABILITY OVERVIEW 3.2.1 INSUFFICIENT TYPE DISTINCTION CWE-351 If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. CVE-2023-2866 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Man...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: MXsecurity Series Vulnerabilities: Command Injection and Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthorized user to bypass authentication or to execute arbitrary commands on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Moxa reports these vulnerabilities affect the following MXsecurity Series: MXsecurity Series: Software v1.0 3.2 VULNERABILITY OVERVIEW 3.2.1 COMMAND INJECTION CWE-77 A remote attacker, who has gained authorization privileges, could execute arbitrary commands on the device. CVE-2023-33235 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 3.2.2 USE OF HARD-CODED CREDENTIALS CWE-798 An attacker could bypass authentication for web-based application programmable interfaces (APIs)...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Type Confusion, Observable Timing Discrepancy, Out-of-bounds Read, Infinite Loop, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to crash the device being accessed or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy’s RTU500 Series Product, are affected: For CVE-2023-0286, CVE-2022-4304 RTU500 series CMU Firmware: version 12.0.1 through 12.0.15 RTU500 series CMU Firmware: version 12.2.1 through 12.2.12 RTU500 series CMU Firmware: version 12.4.1 through 12.4.12 RTU500 series CMU Firmware: version 12.6.1 through 12.6.9 RTU500 series CMU Firmware: version 12.7.1 through 12.7.6 RTU500 series CMU Firmware: version 13.2.1 through 13.2.6 RTU500 series CMU Firmware: version 13.3.1 through ...
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC Series CPU module Vulnerabilities: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition or execute malicious code on a target product by sending specially crafted packets. The attacker needs to understand the internal structure of products to execute malicious code. Therefore, it is difficult to execute malicious code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports this vulnerability affects the following MELSEC Series CPU module: MELSEC iQ-F Series FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS: Serial number 17X**** or later, version 1.220 and later MELSEC iQ-F Series FX5UC-xMy/z x=32,64,96, y=T, z=D,DSS: Serial number 17X**** or later, version 1.220 and later MELSEC iQ-F Series FX5UC-32MT/DS-TS, FX5UC-32MT/DS...
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS65x, AFS67x, AFR67x and AFF66x series products Vulnerabilities: Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or lead to a Denial-of-Service (DoS). 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy’s AFS65x, AFS67x, AFR67x and AFF66x series products, are affected: AFS660/665S, AFS660/665C, AFS670v2: Firmware 7.1.05 and earlier AFS670/675, AFR67x: Firmware 9.1.07 and earlier AFF660/665: Firmware 03.0.02 and earlier AFS65x: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 USE AFTER FREE CWE-416 The libexpat library is incorporated in the AFS, AFR and AFF products family. Versions of libexpat before 2.4.9 have a use-after-free in the do-Content function in xmlparse.c. Successful exploitation of this vulnerability could lead to disclo...
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Horner Automation Equipment: Cscape, Cscape EnvisionRV Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read, Use After Free, Access of Uninitialized Pointer, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Horner Automation’s Cscape are affected: Cscape: v9.90 SP8 Cscape EnvisionRV: v4.70 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. CVE-2023-29503 has been assigned to ...
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: OpenBlue Enterprise Manager Data Collector Vulnerabilities: Improper Authentication, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker, under certain circumstances, to make application programming interface (API) calls to the OpenBlue Enterprise Manager Data Collector, which do not require authentication and may expose sensitive information to an unauthorized user. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Johnson Controls products are affected: OpenBlue Enterprise Manager Data Collector: Firmware versions prior to 3.2.5.75 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER AUTHENTICATION CWE-287 Under certain circumstances, API calls to the OpenBlue Enterprise Manager Data Collector do not require authentication. CVE-2023-2024 has been assigned to thi...