Security
Headlines
Source

us-cert

Dover Fueling Solutions MAGLINK LX Console

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dover Fueling Solutions Equipment: MAGLINK LX - Web Console Configuration Vulnerabilities: Authentication Bypass using an Alternate Path or Channel, Improper Access Control, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MAGLINK LX Web Console Configuration are affected: MAGLINK LX Web Console Configuration: version 2.5.1 MAGLINK LX Web Console Configuration: version 2.5.2 MAGLINK LX Web Console Configuration: version 2.5.3 MAGLINK LX Web Console Configuration: version 2.6.1 MAGLINK LX Web Console Configuration: version 2.11 MAGLINK LX Web Console Configuration: version 3.0 MAGLINK LX Web Console Configuration: version 3.2 MAGLINK LX Web Console Configuration: version 3.3 3.2 Vulnerability Overview 3.2.1 AUTHENTICATION BYPASS USING...

Fujitsu Limited Real-time Video Transmission Gear "IP series"

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Fujitsu Limited Equipment: Real-time Video Transmission Gear "IP series" Vulnerability: Use Of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker logging into the web interface using the obtained credentials. The attacker could initialize or reboot the products, terminating the video transmission. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Real-time Video Transmission Gear "IP series", a hosted web application, are affected: Real-time Video Transmission Gear "IP series" IP-HE950E: firmware versions V01L001 to V01L053 Real-time Video Transmission Gear "IP series" IP-HE950D: firmware versions V01L001 to V01L053 Real-time Video Transmission Gear "IP series" IP-HE900E: firmware versions V01L001 to V01L010 Real-time Video Transmission Gear "IP series" IP-HE900D: firmware versions V01L001 to V01L004 Real-time Video Transmission Ge...

GE Digital CIMPLICITY

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: GE Digital Equipment: CIMPLICITY Vulnerability: Process Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges to SYSTEM. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following GE products are affected: GE Digital CIMPLICITY: v2023 3.2 VULNERABILITY OVERVIEW 3.2.1 PROCESS CONTROL CWE-114 GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. CVE-2023-4487 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Multiple Sectors COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LO...

PTC Kepware KepServerEX

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Kepware KepServerEX Vulnerabilities: Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, and obtain server hashes and credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Kepware KepServerEX, an industrial automation control platform, are affected: Kepware KepServerEX: version 6.14.263.0 and prior ThingWorx Kepware Server: version 6.14.263.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 The installer application of KEPServerEX is vulnerable to DLL search order hijacking. This could allow an adversary to repackage the installer with a malicious DLL and trick users into installing the trojanized software. Successful...

ARDEREG Sistemas SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: ARDEREG Equipment: Sistemas SCADA Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate SQL query logic to extract sensitive information and perform unauthorized actions within the database. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ARDEREG products are affected: Sistemas SCADA: Versions 2.203 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 Sistema SCADA Central, a supervisory control and data acquisition (SCADA) system, is designed to monitor and control various industrial processes and critical infrastructure. ARDEREG identified this SCADA system’s login page to be vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sens...

Digi RealPort Protocol

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Digi International, Inc. Equipment: Digi RealPort Protocol Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the attacker to access connected equipment. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Digi International reports that the following products using Digi RealPort Protocol are affected: Digi RealPort for Windows: version 4.8.488.0 and earlier Digi RealPort for Linux: version 1.9-40 and earlier Digi ConnectPort TS 8/16: versions prior to 2.26.2.4 Digi Passport Console Server: all versions Digi ConnectPort LTS 8/16/32: versions prior to 1.4.9 Digi CM Console Server: all versions Digi PortServer TS: all versions Digi PortServer TS MEI: all versions Digi PortServer TS MEI Hardened: all versions Digi PortServer TS M MEI: all versions Digi PortServer TS P MEI: all versions Digi One IAP Family: a...

PTC Codebeamer

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Codebeamer Vulnerability: Cross site scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject arbitrary JavaScript code, which could be executed in the victim's browser upon clicking on a malicious link. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of PTC Codebeamer, an Application Lifecycle Management (ALM) platform for product and software development, are affected: Codebeamer: v22.10-SP6 or lower Codebeamer: v22.04-SP2 or lower Codebeamer: v21.09-SP13 or lower 3.2 VULNERABILITY OVERVIEW 3.2.1 CROSS-SITE SCRIPTING CWE-79 If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device. CVE-2023-4296 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has ...

OPTO 22 SNAP PAC S1

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: OPTO 22 Equipment: SNAP PAC S1 Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Weak Password Requirements, Improper Access Control, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to brute force passwords, access certain device files, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of SNAP PAC S1, an industrial programmable automation controller, is affected: SNAP PAC S1 Firmware: Version R10.3b 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307 There is no limit on the number of login attempts. This could allow a brute force attack on the built-in web server login. CVE-2023-40706 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigne...

CODESYS Development System

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could cause users to unknowingly launch a malicious binary placed by a local attacker. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS CODESYS reports this vulnerability affects the following versions of CODESYS Development System: CODESYS Development System: versions from 3.5.17.0 and prior to 3.5.19.20 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users’ context. CVE-2023-3662 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGRO...

KNX Protocol

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: KNX Association Equipment: KNX devices using KNX Connection Authorization Vulnerability: Overly Restrictive Account Lockout Mechanism 2. RISK EVALUATION Successful exploitation of this vulnerability could cause users to lose access to their device, potentially with no way to reset the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following devices using KNX Protocol are affected: KNX devices using Connection Authorization Option 1 Style in which no BCU Key is currently set: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 OVERLY RESTRICTIVE ACCOUNT LOCKOUT MECHANISM CWE-645 KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the devi...