us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Outback Power Equipment: Mojave Inverter Vulnerabilities: Use of GET Request Method With Sensitive Query Strings, Exposure of Sensitive Information to an Unauthorized Actor, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive data or inject commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Outback Power Mojave Inverter, a system for managing power in a residential grid-connected battery backup system, are affected: Outback Power Mojave Inverter: All versions 3.2 VU;NERABILITY OVERVIEW 3.2.1 Use of GET Request Method With Sensitive Query Strings CWE-598 The Mojave Inverter uses the GET method for sensitive information. CVE-2025-26473 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ORing Equipment: IAP-20 Vulnerabilities: Cross-site Scripting, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to invoke commands to compromise the device via the management interface. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ORing products are affected: IAP-420: Versions 2.01e and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 A stored cross-site scripting can be triggered by placing JavaScript code into the SSID input field of the web interface. An attacker could exploit this vulnerability by luring an authenticated user to visit a malicious website. CVE-2024-5410 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability allows for local privilege escalation, which could lead to the execution of a malicious Dynamic-Link Library (DLL). 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Schneider Electric EcoStruxure products and versions, which incorporate Revenera FlexNet Publisher, are affected: EcoStruxure Control Expert: Versions prior to V16.1 EcoStruxure Process Expert: All versions EcoStruxure OPC UA Server Expert: All versions EcoStruxure Control Expert Asset Link: Versions prior to V4.0 SP1 EcoStruxure Machine SCADA Expert Asset Link: All versions EcoStruxure Architecture Builder: Versions prior to V7.0.18 EcoStruxure Operator Terminal Expert: All versions Vijeo Designer: Version prior to V6.3SP1 HF1 EcoStruxure Machine Expert including EcoStruxure Machi...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: Drive Composer Vulnerability: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers unauthorized access to the file system on the host machine. An attacker can exploit this flaw to run malicious code, which could lead to the compromise of the affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports that the following Drive Composer products are affected: Drive Composer entry: Version 2.9.0.1 and prior Drive Composer pro: Version 2.9.0.1 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 A vulnerability in drive composer can allow attackers unauthorized access to the file system on the host machine. An attacker can exploit this flaw to run malicious code, which could ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert (PME) Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely execute code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: EcoStruxure Power Monitoring Expert (PME): Versions 2022 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 A deserialization of untrusted data vulnerability exists which could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. CVE-2024-9005 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, C...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Trimble Equipment: Cityworks Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Trimble Cityworks, an asset and work management system, are affected: Cityworks: All versions prior to 23.10 3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 Trimble Cityworks versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server. CVE-2025-0994 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Western Telematic Inc Equipment: NPS Series, DSM Series, CPM Series Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to gain privileged access to files on the device's filesystem. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Western Telematic Inc products are affected: Network Power Switch (NPS Series): Firmware Version 6.62 and prior Console Server (DSM Series): Firmware Version 6.62 and prior Console Server + PDU Combo Unit (CPM Series): Firmware Version 6.62 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 External Control of File Name or Path CWE-73 Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a Local File Inclusion Attack (LFI), where any authenticated user has privileged access to files on the device's filesystem. CVE-2025-...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX and Remote HMI Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow man-in-the-middle attacks, resulting in information disclosure, integrity issues, and operational failures. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Pro-face GP-Pro EX and Remote HMI are affected: Pro-face GP-Pro EX: All versions Pro-face Remote HMI: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER ENFORCEMENT OF MESSAGE INTEGRITY DURING TRANSMISSION IN A COMMUNICATION CHANNEL CWE-924 The affected products are vulnerable to an improper enforcement of message integrity during transmission in a communication channel vulnerability that could cause partial loss of confidentiality, loss of integrity, and availability of the HMI when at...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC Vulnerability: Incorrect Calculation of Buffer Size 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service of the product when an unauthenticated user sends a crafted HTTPS packet to the webserver. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC are affected: Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety): Versions prior to SV4.30 Modicon M580 CPU Safety (part numbers BMEP58-S and BMEH58-S): Versions prior to SV4.21 BMENOR2200H: All versions EVLink Pro AC: Versions prior to v1.3.10 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT CALCULATION OF BUFFER SIZE CWE-131 The affected product is vulnerable to an incorrect calculation of buffer size vulnerability which could cause a...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Web Designer for Modicon Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information disclosure, workstation integrity and potential remote code execution on the compromised computer. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Web Designer for Modicon are affected: Web Designer for BMXNOR0200H: All versions Web Designer for BMXNOE0110(H): All versions Web Designer for BMENOC0311(C): All versions Web Designer for BMENOC0321(C): All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 The affected product is vulnerable to an improper restriction of XML external entity reference vulnerability that could cause information disclosure, impacts to workstation integrity, and potential remote code execution...