Latest News

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: SIPORT Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: Siemens SIPORT: Versions prior to V3.4.0 3.2 Vulnerability Overview 3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 The affected application improperly assigns file permissions to install...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM CROSSBOW Vulnerabilities: Heap-based Buffer Overflow, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: RUGGEDCOM CROSSBOW Station Access Controller (SAC): Versions prior to 5.6 3.2 Vulnerability Overview 3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as cri...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE M-800 Family Vulnerabilities: Out-of-bounds Read, Missing Encryption of Sensitive Data, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, Excessive Iteration, Use After Free, Improper Output Neutralization for Logs, Observable Discrepancy, Improper Locking, Missing Release of Resource after Effective Lifetime, Improper Input Validation, Improper Access Control, Path Traversal, Cross-site Scripting, Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could impact the confidentiality, integrity or availabi...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Out-of-bounds Read, Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to crash the application or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: Solid Edge SE2024: versions prior to V224.0 Update 9 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS READ CWE-125 The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow a...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Spectrum Power 7 Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated local attacker to escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Spectrum Power 7 are affected: Spectrum Power 7: All versions prior to V24Q3 3.2 Vulnerability Overview 3.2.1 INCORRECT PRIVILEGE ASSIGNMENT CWE-266 The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. CVE-2024-29119 has been assigned...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Siemens Engineering Platforms Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIMATIC S7-PLCSIM V16: all versions SIMATIC S7-PLCSIM V17: all versions SIMATIC STEP 7 Safety V16: all versions SIMATIC STEP 7 Safety V17: versions prior to V17 Update 8 SIMATIC STEP 7 Safety V18: versions prior to V18 Update 5...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: TeleControl Server Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of TeleControl Server are affected: PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1): versions prior to V3.1.2.1 PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1): versions prior to V3.1.2.1 PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1)...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3.1 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: 2N Equipment: Access Commander Vulnerabilities: Path Traversal, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate their privileges, execute arbitrary code, or gain root access to the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of 2N Access Commander, an IP access control system, are affected: Access Commander: versions 3.1.1.2 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker to write files on the filesystem to achieve arbitrary remote code execution. CVE-2024-47253 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vecto...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MSM Vulnerabilities: Missing Release of Resource after Effective Lifetime, Loop with Unreachable Exit Condition ('Infinite Loop') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to impact the confidentiality, integrity or availability of the MSM. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy MSM, a condition monitoring system, are affected: MSM: Versions 2.2.8 and earlier 3.2 Vulnerability Overview 3.2.1 Missing Release of Resource after Effective Lifetime CWE-772 When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Furt...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Arena Input Analyzer Vulnerability: Improper Validation of Specified Quantity in Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code on the program. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation Input Analyzer (Arena), an event simulation and automation software, are affected: Arena Input Analyzer: v16.20.03 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER VALIDATION OF SPECIFIED QUANTITY IN INPUT CWE-1284 Rockwell Automation Input Analyzer version v16.20.00 (as included in Arena v16.20.03) is vulnerable to memory corruption when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file.  CVE-2024-60...