us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Positron S.R.L Equipment: Broadcast Signal Processor TRA7005 Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass authentication and access unauthorized protected areas of the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Positron Broadcast Signal Processor are affected: Broadcast Signal Processor TRA7005: v1.20 3.2 Vulnerability Overview 3.2.1 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288 Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application. CVE-2024-7007 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculate...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 Vulnerabilities: Type Confusion, Use After Free, Double Free, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy AFS/AFR are affected: AFS650: Version 9.1.08 and prior AFS660-C: Version 7.1.05 and prior AFS665-B: Version 7.1.05 and prior AFS670-V2: Version 7.1.05 and prior AFS670: Version 9.1.08 and prior AFS675: Version 9.1.08 and prior AFS677: Version 9.1.08 and prior AFR677: Version 9.1.08 and prior 3.2 Vulnerability Overview 3.2.1 ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843 There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addr...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker to disclose information and execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments LabVIEW products are affected: LabVIEW: Versions 24.1f0 and prior 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS READ CWE-125 LabVIEW is vulnerable to an out-of-bounds read, which could allow a local attacker to execute arbitrary code on affected installations of LabVIEW. User interaction is required to exploit the vulnerabilities in that the user must open a malicious VI file. CVE-2024-4079 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: IO Trace Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments I/O TRACE bundled products are affected: I/O TRACE: All versions 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. User interaction is required to exploit the vulnerability in that the user must open a malicious nitrace file. CVE-2024-5602 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-5602. A base score of 8.4 has been calc...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSOFT MaiLab Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the target product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following versions of MELSOFT MaiLab, a data science tool for manufacturing improvement, are affected: MELSOFT MaiLab SW1DND-MAILAB-M: versions 1.00A to 1.05F MELSOFT MaiLab SW1DND-MAILABPR-M: versions 1.00A to 1.05F 3.2 Vulnerability Overview 3.2.1 Improper Verification of Cryptographic Signature CWE-347 A denial-of-service vulnerability exists in the OpenSSL library used in MELSOFT MaiLab due to improper verification of cryptographic signature resulting from improper implementation of the POLY1305 message authentication code (MAC). CVE-2023-4807 has ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Subnet Solutions Inc. Equipment: Subnet PowerSYSTEM Center Vulnerability: Prototype Pollution 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to elevate permissions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Subnet PowerSYSTEM Center are affected: PowerSYSTEM Center 2020: Update 20 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPERLY CONTROLLED MODIFICATION OF OBJECT PROTOTYPE ATTRIBUTES ('PROTOTYPE POLLUTION') CWE-1321 Subnet PowerSYSTEM Center products are vulnerable to a prototype pollution vulnerability, which may allow an authenticated attacker to elevate permissions. CVE-2023-26136 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). A CVSS v4 score has also been calculated for CVE-2023-26136....

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion 8 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create new users and view sensitive data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation Pavilion 8, a Model Predictive Control (MPC) solution, are affected: Pavilion 8: Versions 5.15.00 to 5.20.00 3.2 Vulnerability Overview 3.2.1 Incorrect Permission Assignment for Critical Resource CWE-732 A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data and create users. For example, a malicious user with basic privileges could perfo...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to execute arbitrary code with root privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens are affected: SINEMA Remote Connect Server: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77 Affected applications are vulnerable to command injection due to missing server side ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Siemens Equipment: TIA Portal and SIMATIC STEP 7 Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Totally Integrated Automation Portal (TIA Portal): All versions Totally Integrated Automation Portal (TIA Portal) V18: All versions SIMATIC STEP 7 Safety V18: All versions 3.2 Vulnerability Overview 3.2.1 DESERIALIZATION OF UNTRUSTED DA...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated local attacker to execute arbitrary code with system privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following versions of SINEMA Remote Connect management platform are affected: SINEMA Remote Connect Client: versions prior to V3.2 HF1 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77 The syst...