Tag
#vulnerability
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: APOGEE PXC and TALON TC Series Vulnerabilities: Inadequate Encryption Strength, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform a denial of service using an out-of-bounds read forcing the device to enter a cold state and a vulnerability that would allow an attacker to decrypt the passwords of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: APOGEE PXC Series (P2 Ethernet): All versions APOGEE PXC Series (BACnet): All ver...
1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Opcenter Intelligence Vulnerabilities: Improper Authentication, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data, Insertion of Sensitive Information into Log File, Server-Side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to change passwords for users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens O...
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIPROTEC 5 Devices Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIPROTEC 5 7VE85 (CP300): Version V8.80 up to but not including V9.90 Siemens SIPROTEC 5 7SS85 (CP300): Version V8.80 up to but not including V9.90 Siemens SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2): All versions prior t...
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC PCS neo and TIA Administrator Vulnerability: Insufficient Session Expiration 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIMOCODE ES V19: Versions prior to V19 Update 1 TIA Administrator: Versions 3.0.4 and prior SIMATIC PCS neo V4.1: Versions prior to V4.1 Update 2 SIMATIC P...
1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ORing Equipment: IAP-20 Vulnerabilities: Cross-site Scripting, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to invoke commands to compromise the device via the management interface. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ORing products are affected: IAP-420: Versions 2.01e and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 A stored cross-site scripting attack can be triggered by placing JavaScript code into the SSID input field of the web interface. An attacker could exploit this vulnerability by luring an authenticated user to visit a malicious website. CVE-2024-5410 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV...
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerability: URL Redirection to Untrusted Site ('Open Redirect') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to redirect the legitimate user to an attacker-controlled URL to steal valid session data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Teamcenter: All versions prior to V14.3.0.0 3.2 VULNERABILITY OVERVIEW 3.2.1 URL REDIRECTION TO UNTRUSTED SITE ('OPEN REDIRECT') CWE-601 The SSO login service of affected applications accepts us...
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dingtian Equipment: DT-R0 Series Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify the device settings and gain administrator access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Dingtian DT-R0 Series are affected: DT-R002: Version V3.1.3044A DT-R008: Version V3.1.1759A DT-R016: Version V3.1.2776A DT-R032: Version V3.1.3826A 3.2 Vulnerability Overview 3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288 The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page. CVE-2025-1283 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W700 Vulnerabilities: Double Free, Improper Restriction of Communication Channel to Intended Endpoints, Improper Resource Shutdown or Release, Inadequate Encryption Strength, Race Condition, Integer Overflow or Wraparound, Out-of-bounds Write, NULL Pointer Dereference, Externally Controlled Reference to a Resource in Another Sphere, Use After Free, Type Confusion, Improper Certificate Validation, Missing Release of Memory after Effective Lifetime, Uncontrolled Resource Consumption, Out-of-bounds Read, Inefficient Regular Expression Complexity, In...
1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIPROTEC 5 Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with physical access to read the sensitive information from the filesystem of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Siemens SIPROTEC 5 7SK85 (CP300): vers:all/* Siemens SIPROTEC 5 7SJ81 (CP100): vers:all/* Siemens SIPROTEC 5 7SL86 (CP300): vers:all/* Siemens SIPROTEC 5 7SL86 (CP200): vers:all/* Siemens SIPROTEC 5 7SJ86 (CP300): vers:all/* Siemens SIPRO...
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1200 CPU Family Vulnerabilities: Improper Resource Shutdown or Release, Improper Validation of Syntactic Correctness of Input 2. RISK EVALUATION The affected devices do not correctly process certain specially crafted packets sent to Port 80/tcp and Port 102/tcp, which could allow an attacker to cause a denial of service in the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Siemens SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0): vers:all/<V4.7 Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RL...