us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a buffer overflow condition and allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics CNCSoft-G2, a Human-Machine Interface (HMI) software, are affected: CNCSoft-G2: Version 2.0.0.5 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. CVE-2024-39880 has been assigned to this vulnerability. A CVS...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Johnson Controls, Inc. Equipment: Software House C●CURE 9000 Vulnerability: Use of Weak Credentials 2. RISK EVALUATION Successful exploitations of this vulnerability could allow an attacker to gain administrative access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Johnson Controls products are affected: Software House C●CURE 9000: Version 2.80 and prior 3.2 Vulnerability Overview 3.2.1 USE OF WEAK CREDENTIALS CWE-1391 Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials. CVE-2024-32759 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-32759. A base score of 7.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION: Exploitable via adjacent network Vendor: Johnson Controls, Inc. Equipment: Kantech KT1, KT2, KT400 Door Controllers Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products by Kantech, a subsidiary of Johnson Controls, are affected: Kantech KT1 Door Controller Rev01: Versions 2.09.01 and prior Kantech KT2 Door Controller Rev01: Versions 2.09.01 and prior Kantech KT400 Door Controller Rev01: Versions 3.01.16 and prior 3.2 Vulnerability Overview 3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200 Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Use of Hard-coded Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely execute code on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following mySCADA products are affected: myPRO: Versions prior to 8.31.0 3.2 Vulnerability Overview 3.2.1 USE OF HARD-CODED PASSWORD CWE-259 The affected application uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. CVE-2024-4708 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-4708. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.3 BAC...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION: Exploitable remotely Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerabilities: Allocation of Resources Without Limits or Throttling, Improper Neutralization, Uncontrolled Search Path Element, Improper Authentication, Unsafe Reflection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in denial of service, improper privilege management, or potentially remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ICONICS reports that the following versions of ICONICS Product Suite are affected: ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: Version 10.97.2 (CVE-2022-2650, CVE-2023-4807) AlarmWorX Multimedia (AlarmWorX64 MMX): All versions prior to 10.97.3 (CVE-2024-1182) MobileHMI: All versions prior to 10.97.3 (CVE-2024-1573) ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: All versions prior to 10.97.3 (CVE-2024-...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: marKoni Equipment: Markoni-D (Compact) FM Transmitters, Markoni-DH (Exciter+Amplifiers) FM Transmitters Vulnerabilities: Command Injection, Use of Hard-coded Credentials, Use of Client-Side Authentication, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to tamper with the product to bypass authentication or perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of TELSAT marKoni FM Transmitters are affected: Markoni-D (Compact) FM Transmitters: All versions prior to 2.0.1 Markoni-DH (Exciter+Amplifiers) FM Transmitters: All versions prior to 2.0.1 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77 TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerab...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may allow web interface user's credentials to be recovered by an authenticated user. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls reports that the following versions of Illustra Essentials IP cameras are affected: Illustra Essential Gen 4: versions Illustra.Ess4.01.02.10.5982 and prior 3.2 Vulnerability Overview 3.2.1 Storing Passwords in a Recoverable Format CWE-257 Under certain circumstances, the web interface users credentials may be recovered by an authenticated user. CVE-2024-32932 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SDG Technologies PnPSCADA, a web-based SCADA HMI, are affected: PnPSCADA: Versions prior to 4 3.2 Vulnerability Overview 3.2.1 MISSING AUTHORIZATION CWE-862 SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system. CVE-2024-2882 has been assigned to this...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Illustra Essentials Gen 4 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls reports that the following versions of Illustra Essentials Gen 4 IP camera are affected: Illustra Essentials Gen 4: all versions up to Illustra.Ess4.01.02.10.5982 3.2 Vulnerability Overview 3.2.1 Improper Input Validation CWE-20 Under certain circumstances the web interface will accept characters unrelated to the expected input. CVE-2024-32755 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Commercial Facilities, Government Facilities, Transporta...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to recover credentials for other Linux users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls reports that the following versions of Illustra Essential Gen 4, an IP camera, are affected: Illustra Essentials Gen 4: versions up to Illustra.Ess4.01.02.10.5982 3.2 Vulnerability Overview 3.2.1 Storing Passwords in a Recoverable Format CWE-257 Under certain circumstances the Linux users credentials may be recovered by an authenticated user. CVE-2024-32756 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Commer...