us-cert

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Location Intelligence Vulnerabilities: Inadequate Encryption Strength, Improper Restriction of Excessive Authentication Attempts, Weak Password Requirements 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read and modify data passed over the connection between legitimate clients and the affected product or brute force user passwords. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Location Intelligence, a web-based application software, are affected: Location Intelligence: All ve...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Out-of-bounds Write, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens COMOS, a unified data platform, are affected: COMOS: All versions prior to V10.5 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-b...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Teamcenter Visualization and JT2Go Vulnerabilities: Out-of-bounds Read, NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process and crash the application causing denial of service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Teamcenter Visualization and JT2Go, are affected: Siemens JT2Go: Versions prior to V2312.0005 Siemens Teamcenter Visualization V14.2: Versions prior to V14.2.0.12 Siemens Teamcenter Visualization V14.3...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerabilities: Use After Free, Improper Input Validation, Deserialization of Untrusted Data, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Resource Consumption, Out-of-bounds Read, Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion'), Privilege Dropping / Lowering Errors, Allocation of Resources Without Limits or Throttling, Execution with Unnecessary Privileges, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Incorrect Authorization 2. RIS...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: Historian Server Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to get read and write access to the database. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AVEVA Historian Server, a Process database, are affected: Historian Server: Version 2023 R2 Historian Server: Versions 2023 to 2023 P03 Historian Server: Versions 2020 to 2020 R2 SP1 P01 3.2 Vulnerability Overview 3.2.1 CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL. CVE-2024-6456 has been assigned to this vulne...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable from adjacent network. Vendor: PTC Equipment: Kepware ThingWorx Kepware Server Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the target device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS PTC reports that the following products and versions are affected: PTC Kepware ThingWorx Kepware Server: V6 PTC Kepware KEPServerEX: V6 Software Toolbox TOP Server: V6 GE IGS: V7.6x 3.2 Vulnerability Overview 3.2.1 Allocation of Resources Without Limits or Throttling CWE-770 When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580, GuardLogix 5580 Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a denial-of-service on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation GuardLogix/ControlLogix 5580, programmable logic controllers, are affected: ControlLogix 5580: Versions v34.011 and later GuardLogix 5580: Versions v34.011 and later 3.2 Vulnerability Overview 3.2.1 IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754 A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service. CVE-2024-40619 has been assigned to this vuln...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View Site Edition Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow any user to edit or replace files, which are executed by account with elevated permissions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the following versions of FactoryTalk, an HMI application, are affected: FactoryTalk View SE: version 13.0 3.2 Vulnerability Overview 3.2.1 Incorrect Permission Assignment for Critical Resource CWE-732 A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions. CVE-2024-7513 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow and attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: CompactLogix 5380 (5069 - L3z): Versions prior to v36.011, v35.013, v34.014 CompactLogix 5480 (5069 - L4): Versions prior to v36.011, v35.013, v34.014 ControlLogix 5580 (1756 - L8z): Versions prior to v36.011, v35.013, v34.014 GuardLogix 5580 (1756 - L8z): Versions prior to v36.011, v35.013, v34.014 Compact GuardLogix 5380 (5069 - L3zS2): Versions prior to v36.011, v35.013, v34.014 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 A denial-of-service vulnerability exists in the affected products. This v...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: SuiteLink Server Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause the server to consume excessive system resources, preventing processing of SuiteLink messages on the targeted host. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following AVEVA products with AVEVA SuiteLink Server installed, are affected: SuiteLink: Versions 3.7.0 and prior Historian: Versions 2023 R2 P01 and prior InTouch: Versions 2023 R2 P01 and prior Application Server: Versions 2023 R2 P01 and prior Communication Drivers Pack: Versions 2023 R2 and prior Batch Management: Versions 2023 and prior 3.2 Vulnerability Overview 3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770 If exploited, this vulnerability could cause a SuiteLink server to consume excessive system re...