us-cert

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerabilities: SQL Injection, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following components of Siemens are affected: RUGGEDCOM APE1808 with Nozomi Guardian / CMC: All versions before V22.6.3 or 23.1.0 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 A S...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: SIS Workstation and ISaGRAF Workbench Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unprivileged local users to overwrite files replacing them with malicious programs. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following versions of SIS Workstation and ISaGRAF Workbench Code are affected: Safety Instrumented System Workstation: v1.2 up to but not including v2.00 ISaGRAF Workbench: v6.6.9 up to but not including v6.06.10 3.2 Vulnerability Overview 3.2.1 Improper Input Validation CWE-20 Due to the third-party vulnerabilities in Nullsoft Scriptable Install System (NSIS), the SIS Workstation and ISaGRAF Workbench installer and uninstaller have unsafe implicit linking against Version.dll. Therefore, there is no protection mechanism in the wrapper function that resolves the de...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Operations Control Logger Vulnerabilities: Execution with Unnecessary Privileges, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow privilege escalation or denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS AVEVA has created a security update to address vulnerabilities in the AVEVA Operations Control Logger (formerly known as ArchestrA Logger), impacting the following products: AVEVA SystemPlatform: 2020 R2 SP1 P01 and prior AVEVA Historian: 2020 R2 SP1 P01 and prior AVEVA Application Server: 2020 R2 SP1 P01 and prior AVEVA InTouch: 2020 R2 SP1 P01 and prior AVEVA Enterprise Licensing (formerly known as License Manager): version 3.7.002 and prior AVEVA Manufacturing Execution System (formerly known as Wonderware MES): 2020 P01 and prior AVEVA Recipe Management: 2020 R2 Update 1 Patch 2 and prior AVEVA Batch M...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable Remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Quantum HD Unity Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to access debug features that were accidentally exposed. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Johnson Controls Quantum HD Unity products are affected: Quantum HD Unity Compressor control panels (Q5): All versions prior to v11.22 Quantum HD Unity Compressor control panels (Q6): All versions prior to v12.22 Quantum HD Unity AcuAir control panels(Q5): All versions prior to v11.12 Quantum HD Unity AcuAir control panels(Q6): All versions prior to v12.12 Quantum HD Unity Condenser/Vessel control panels (Q5): All versions prior to v11.11 Quantum HD Unity Condenser/Vessel control panels (Q6): All versions prior to v12.11 Quantum HD Unity Evaporator control panels (Q5): All versions prior to v...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: eSOMS Vulnerabilities: Generation of Error Message Containing Sensitive Information, Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information related to eSOMS application configuration. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi Energy products are affected: eSOMS: v6.3.13 and prior 3.2 Vulnerability Overview 3.2.1 GENERATION OF ERROR MESSAGE CONTAINING SENSITIVE INFORMATION CWE-209 The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure. CVE-2023-5514 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: General Electric Equipment: MiCOM S1 Agile Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload malicious files and achieve code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of General Electric MiCOM S1 Agile is affected: MiCOM S1 Agile: All versions 3.2 Vulnerability Overview 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. CVE-2023-0898 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Multiple COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: United States 3....

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: General Electric Equipment: MiCOM S1 Agile Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload malicious files and achieve code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of General Electric MiCOM S1 Agile is affected: MiCOM S1 Agile: All versions 3.2 Vulnerability Overview 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. CVE-2023-0898 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Multiple COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: United States 3....

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: SpaceLogic C-Bus Toolkit Vulnerabilities: Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution, which could result in tampering of the SpaceLogic C-Bus home automation system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Schneider Electric products are affected: SpaceLogic C-Bus Toolkit: Versions 1.16.3 and prior 3.2 Vulnerability Overview 3.2.1 Improper Privilege Management CWE-269 Schneider Electric's SpaceLogic C-Bus Toolkit product is vulnerable due to improper privilege management, which could cause remote code execution when the transfer command is used over the network. CVE-2023-5402 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: FlexEdge Gateway, DA50A, DA70A running Crimson Vulnerability: Improper Neutralization of Null Byte or NUL Character 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to truncate passwords configured by the Crimson configuration tool which could create weaker than intended credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Red Lion products are affected: Crimson: v3.2.0053.18 or prior 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158 The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered....

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Franklin Fueling System Equipment: TS-550 Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access the device and gain unauthenticated access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Franklin Fueling System TS-550, are affected: TS-550: All versions prior to 1.9.23.8960 3.2 Vulnerability Overview 3.2.1 USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916 Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device. CVE-2023-5846 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). 3.3 BACK...