us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely Vendor: Sungrow Equipment: iSolarCloud Android App, WiNet Firmware Vulnerabilities: Improper Certificate Validation, Use of a Broken or Risky Cryptographic Algorithm, Authorization Bypass Through User-Controlled Key, User of Hard-Coded Credentials, Stack-Based Buffer Overflow, Heap-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in attackers being able to access and could modify sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Sungrow software products are affected: iSolarCloud Android App: Version 2.1.6 and prior WiNet Firmware: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295 The Android app for iSolarCloud explicitly ignores certificate errors and is vulnerable to adversary-in-the-middle attacks. This may allow an attacker to impersonate the iSolarCloud server and communicate with the And...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Client Vulnerabilities: Integer Overflow or Wraparound, Unprotected Alternate Channel, Improper Restriction of Communication Channel to Intended Endpoints, Stack-based Buffer Overflow, Unrestricted Upload of File with Dangerous Type, Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to overflow memory buffers, impersonate a legitimate user, maintain longer session times, gain elevated privileges, and execute code remotely. 3. TECHNICAL DETAILS 3.1...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC IPC Family, SIMATIC ITP1000, SIMATIC Field PGs Vulnerabilities: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to alter the secure boot configuration or to disable the BIOS password. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIMATIC Field PG M5: All versions Siemens SIMATIC IPC377G: All versions Siemens SIMATIC IPC427E: All versions Siemens SIMATIC IPC477E: All versions Siemens SIMATIC IPC477E PRO: All versions Siemens SIM...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: OPC UA Vulnerabilities: Observable Timing Discrepancy, Authentication Bypass by Primary Weakness 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass application authentication and gain access to the data managed by the server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Industrial Edge for Machine Tools (formerly known as "SINUMERIK Edge"): All versions (CVE-2024-42513) SIMIT V11: All versions (CVE-2024-42512) SIMATIC BRAUMAT: All versions from V8.0 SP1 up ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Uni-Telway Driver Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following products are affected: Schneider Electric Uni-Telway Driver: All versions Schneider Electric Uni-Telway Driver installed on Control Expert: All versions Schneider Electric Uni-Telway Driver installed on Process Expert: All versions Schneider Electric Uni-Telway Driver installed on Process Expert for AVEVA System Platform: All versions Schneider Electric Uni-Telway Driver installed on OPC Factory Server: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 Schneider Electric Uni-Telway Driver is vulnerable to an improper input validation vulnerability that could cause denial-of-service of e...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Optigo Networks Equipment: Visual BACnet Capture Tool, Optigo Visual Networks Capture Tool Vulnerabilities: Use of Hard-coded, Security-relevant Constants, Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, gain control over the products, or impersonate the web applications. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool are affected: Visual BACnet Capture Tool: Version 3.1.2rc11 Optigo Visual Networks Capture Tool: Version 3.1.2rc11 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED, SECURITY-RELEVANT CONSTANTS CWE-547 Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This c...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: PCU400, PCULogger Vulnerabilities: Access of Resource Using Incompatible Type ('Type Confusion'), NULL Pointer Dereference, Use After Free, Double Free, Observable Discrepancy, Out-of-bounds Read 2. RISK EVALUATION Exploitation of these vulnerabilities could allow an attacker to access or decrypt sensitive data, crash the device application, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: PCU400: Version 6.5 K and prior PCU400: Version 9.4.1 and prior PCULogger: Version 1.1.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843 There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structur...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650/SAM600-IO Vulnerability: Improper Handling of Insufficient Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could allow anyone with user credentials to bypass the security controls enforced by the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports the following products are affected: Relion 670/650 series: Version 2.2.0 all revisions Relion 670/650/SAM600-IO series: Version 2.2.1 all revisions up to but not including version 2.2.1.8. Relion 670 series: Version 2.2.2 all revisions up to but not including 2.2.2.5 Relion 670 series: Version 2.2.3 revisions up to 2.2.3.4 Relion 670/650 series Version 2.2.4 all revisions up to but not including version 2.2.4.3. Relion 670/650/SAM600-IO series: Version 2.2.5 up to revision 2.2.5.1 Relion 670/650 series: Version 2.1 all revisions up to but not inclu...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Edimax Equipment: IC-7100 IP Camera Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send specially crafted requests to achieve remote code execution on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Edimax products are affected: IC-7100 IP Camera: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-78 Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device CVE-2025-1316 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Vendor: Hitachi Energy Equipment: MACH PS700 Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and gain control over the software. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports the following products are affected: MACH PS700: Version v2 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 Uncontrolled search path element in some Intel(R) Chipset Device Software before Version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2023-28388 has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Swi...