us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerabilities: OS Command Injection, Improper Authentication, Missing Authentication for Critical Function, Path Traversal. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands or disclose sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following mySCADA products are affected: myPRO Manager: Versions prior to 1.3 myPRO Runtime: Versions prior to 9.2.1 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-78 A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. CVE-2024-47407 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic PM5300 Series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the device to become unresponsive resulting in communication loss. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following PowerLogic energy meters are affected: PowerLogic PM5320: Versions 2.3.8 and prior PowerLogic PM5340: Versions 2.3.8 and prior PowerLogic PM5341: Versions 2.6.6 and prior 3.2 Vulnerability Overview 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400 An uncontrolled resource consumption vulnerability exists that could cause Schneider Electric PowerLogic PM5300 Series devices to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. CVE-2024-9409 has been assigned to this vulnerability. A CVSS v3 ba...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure IT Gateway Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following versions of EcoStruxure IT Gateway are affected: EcoStruxure IT Gateway: 1.21.0.6 EcoStruxure IT Gateway: 1.22.0.3 EcoStruxure IT Gateway: 1.22.1.5 EcoStruxure IT Gateway: 1.23.0.4 3.2 Vulnerability Overview 3.2.1 MISSING AUTHORIZATION CWE-862 A missing authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. CVE-2024-10575 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculate...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M340, MC80, and Momentum Unity M1E Vulnerabilities: Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to tamper with memory on these devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric Modicon M340, MC80, and Momentum Unity M1E are affected: Modicon M340 CPU (part numbers BMXP34*): Versions prior to SV3.65 Modicon MC80 (part numbers BMKC80)(CVE-2024-8937, CVE-2024-8938): All versions Modicon Momentum Unity M1E Processor (171CBU*)(CVE-2024-8937, CVE-2024-8938): All versions 3.2 Vulnerability Overview 3.2.1 Improper Input Validation CWE-20 An Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M340, MC80, and Momentum Unity M1E Vulnerabilities: Improper Enforcement of Message Integrity During Transmission in a Communication Channel, Authentication Bypass by Spoofing 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve password hashes or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric Modicon M340, MC80, and Momentum Unity M1E are affected: Modicon M340 CPU (part numbers BMXP34*): All versions (CVE-2024-8933) Modicon M340 CPU (part numbers BMXP34*): versions after SV3.60 (CVE-2024-8935) Modicon MC80 (part numbers BMKC80): All versions (CVE-2024-8933) Modicon Momentum Unity M1E Processor (171CBU*): All versions (CVE-2024-8933) 3.2 Vulnerability Overview 3.2.1 Improper Enforcement of Message Integrity During Transmission in a Communi...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Low attack complexity Vendor: CODESYS GmbH Equipment: OSCAT Basic Library Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability allows an local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions CODESYS OSCAT, are affected: CODESYS OSCAT Basic Library: Version 3.3.5.0 oscat.de OSCAT Basic Library: Versions 3.3.5 and prior oscat.de OSCAT Basic Library: Versions 335 and prior 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS READ CWE-125 The affected product is vulnerable to an out-of-bounds read in the OSCAT Basic Library, which allows a local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service. CVE-2024-6876 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.1 has been calculated;...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Automated Logic Equipment: WebCTRL Premium Server Vulnerabilities: Unrestricted Upload of File with Dangerous Type, URL Redirection to Untrusted Site ('Open Redirect') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary commands on the server hosting WebCTRL or redirect legitimate users to malicious sites. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Automated Logic products are affected: Automated Logic WebCTRL® Server : Version 7.0 Carrier i-Vu: Version 7.0 Automated Logic SiteScan Web: Version 7.0 Automated Logic WebCTRL for OEMs: Version 7.0 3.2 Vulnerability Overview 3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434 A vulnerability in Automated Logic WebCTRL 7.0 allows an unauthenticated user to upload files of dangerous types without restrictions, which could lead to re...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series Vulnerability: Improper Validation of Specified Type of Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in Ethernet communication on the module. A system reset of the module is required for recovery. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following versions of MELSEC iQ-F Series Ethernet module and EtherNet/IP module are affected: MELSEC iQ-F Series FX5-ENET: version 1.100 and later MELSEC iQ-F Series FX5-ENET/IP: version 1.100 to 1.104 3.2 Vulnerability Overview 3.2.1 Improper Validation of Specified Type of Input CWE-1287 A denial-of-service vulnerability due to improper validation of a specified type of input exists in MELSEC iQ-F Ethernet Module and EtherNet/IP Module. CVE-2024-8403 has ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Spectrum Power 7 Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated local attacker to escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Spectrum Power 7 are affected: Spectrum Power 7: All versions prior to V24Q3 3.2 Vulnerability Overview 3.2.1 INCORRECT PRIVILEGE ASSIGNMENT CWE-266 The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. CVE-2024-29119 has been assigned...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: TeleControl Server Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of TeleControl Server are affected: PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1): versions prior to V3.1.2.1 PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1): versions prior to V3.1.2.1 PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1)...