Source
us-cert
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Weintek Equipment: cMT3000 CMI Web CGI Vulnerabilities: Stack-based Buffer Overflow, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to hijack control flow and bypass login authentication or execute arbitrary commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Weintek products are affected: cMT-FHD: OS version 20210210 or prior. cMT-HDM: OS version 20210204 or prior. cMT3071: OS version 20210218 or prior. cMT3072: OS version 20210218 or prior. cMT3103: OS version 20210218 or prior. cMT3090: OS version 20210218 or prior. cMT3151: OS version 20210218 or prior. 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SICAM A8000 Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to traverse directories, download arbitrary files, or escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SICAM A8000, a remote terminal unit, are affected: CP-8031 MASTER MODULE (6MF2803-1AA00): All versions prior to CPCI85 V05.11 CP-8050 MASTER MODULE (6MF2805-0AA00): All versions prior to CPCI85 V05.11 3.2 Vulnerability Overview 3.2.1 Improper Limitation of a Pathname to a Restricted Directory ('Path...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SICAM PAS/PQS Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain persistence or potentially escalate privileges in the context of the application process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SICAM PAS/PQS are affected: SICAM PAS/PQS: Version 8.00 up to but not including 8.22. 3.2 Vulnerability Overview 3.2.1 Incorrect Permission Assignment for Critical Resource CWE-732 The affected application is installed with specific fi...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: SIMATIC CP products Vulnerabilities: Improper Access Control, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code, access the PROFINET network without restrictions or perform denial of service attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SIMATIC CP 1604 (6GK1160-4AA01): all versions SIMATIC CP 1616 (6GK1161-6AA02): all versions SIMATIC CP 1623 (6GK1162-3AA00): all versions SIMATIC CP 1626 (6GK1162-6AA01): all versions SIMATIC CP 162...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Xpedition Layout Browser Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION An attacker could leverage this vulnerability to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Xpedition Layout Browser are affected: Xpedition Layout Browser: All versions prior to VX.2.14 3.2 Vulnerability Overview 3.2.1 Stack-Based Buffer Overflow CWE-121 Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Classic Buffer Overflow, Command Injection, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to sensitive information disclosure, unauthenticated denial of service or unauthenticated remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0): versio...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerabilities: SQL Injection, Cross-site Scripting, Improper Input Validation, Incorrect Authorization, Session Fixation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary SQL queries or injected code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: RUGGEDCOM APE1808 with Nozomi Guardian / CMC: versions prior to V22.6.2 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated local attacker to inject arbitrary code and escalate privileges or a remote attacker to perform a stored cross-site scripting(XSS) attack that may lead to unintentional modification of application data by legitimate users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Sieme...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Simcenter Amesim Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Simcenter Amesim are affected: Simcenter Amesim: All versions prior to V2021.1 3.2 Vulnerability Overview 3.2.1 Improper Control of Generation of Code ('Code Injection') CWE-94 The affected application contains a SOAP endpoint that could allow ...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CC-Link IE TSN Industrial Managed Switch Vulnerabilities: Observable Timing Discrepancy, Double Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in disclosure of information stored in the product by sending specially crafted packets or could cause a denial-of service (DoS) condition by getting a legitimate user to import a specially crafted certificate 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric products are affected: CC-Link IE TSN Industrial Managed Switch, model NZ2MHG-TSNT8F2 NZ2MHG-TSNT4: All versions 3.2 Vulnerability Overview 3.2.1 OBSERVABLE TIMING DISCREPANCY CWE-208 An attacker could decrypt ciphertext and disclose sensitive information by sending specially crafted packets and performing a Bleichenbacher style attack. CVE-2022-4304 has been assigned to this vuln...