us-cert

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SINUMERIK ONE, SINUMERIK 840D, SINUMERIK 828D Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their privileges in the underlying system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SINUMERIK products, an automation system, are affected: SINUMERIK 828D V4: All versions SINUMERIK 828D V5: All versions prior to V5.24 SINUMERIK 840D sl V4: All versions SINUMERIK ONE: All versions prior to V6.24 3.2 Vulnerability Overview 3.2.1...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Runtime Vulnerability: Observable Response Discrepancy 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote attackers to distinguish between valid and invalid usernames. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Mendix Runtime, are affected: Mendix Runtime V8: All versions only if the basic authentication mechanism is used by the application Mendix Runtime V9: All versions prior to V9.24.26 only if the basic authentication mechanism is used by the application Mendix ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause denial-of-service condition in the affected products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following industrial products are affected: AI Model Deployer: versions prior to V1.1 Data Flow Monitoring Industrial Edge Device User Interface (DFM IED UI): versions prior to V0.0.6 LiveTwin Industrial Edge app (6AV2170-0BL00-0AA0): versions prior to V2.4 SIMATIC PCS n...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: ThinManager Vulnerability: Externally Controlled Reference to a Resource in Another Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could result in remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation ThinManager, a visualization resource manager, are affected: ThinManager: Versions V13.1.0 to 13.1.2 ThinManager: Versions V13.2.0 to 13.2.1 3.2 Vulnerability Overview 3.2.1 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610 Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager processes a crafted POST request. If exploited, a user can install an executable file. CVE-2024-45826 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Batch View Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker bypassing authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation FactoryTalk Batch View, a manufacturing process batch solution, are affected: FactoryTalk Batch View: 2.01.00 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER AUTHENTICATION CWE-287 An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication. CVE-2024-45823 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/U...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform unauthenticated remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation FactoryTalk View Site, are affected: FactoryTalk View Site Edition: Versions V12.0, V13.0, V14.0 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77 A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with path traversal, command injection, and XSS vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue. CVE-2024-45824 has been assigned to this vulnerability. A CVSS v3.1 ba...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: SequenceManager Vulnerabilities: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SequenceManager, a logix controller-based batch and sequencing solution, are affected: SequenceManager: Versions prior to 2.0 3.2 Vulnerability Overview 3.2.1 Unquoted Search Path or Element CWE-428 An input validation vulnerability exists in the affected products which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Viessmann Climate Solutions SE Equipment: Vitogate 300 Vulnerabilities: Use of Hard-coded Credentials, Forced Browsing, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Viessmann Climate Solutions SE Vitogate 300, a solution to connecting boilers and heat pumps to a building management system, are affected: Viessmann Vitogate 300: Versions 2.1.3.0 and prior 3.2 Vulnerability Overview 3.2.1 Use of Hard-coded Credentials CWE-798 In Viessmann Vitogate 300 versions 2.1.3.0 and prior there is a vulnerability that affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. CVE-2023-5222 has been ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: iniNet Solutions GmbH Equipment: SpiderControl SCADA Web Server Vulnerabilities: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to log in or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SpiderControl, an HMI program, are affected: SpiderControl SCADA Web Server: Versions v2.09 and prior 3.2 Vulnerability Overview 3.2.1 Unrestricted Upload of File with Dangerous Type CWE-434 SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication. CVE-2024-8232 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). A CVSS v4 score has also been calculated for CVE-202...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Hughes Network Systems Equipment: WL3000 Fusion Software Vulnerabilities: Insufficiently Protected Credentials, Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain read-only access to network configuration information and terminal configuration data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hughes Network Systems work streams are affected: WL3000 Fusion Software: Versions prior to 2.7.0.10 3.2 Vulnerability Overview 3.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522 Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data. CVE-2024-39278 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.2 has been calculated; the CVSS vector string is (...