Source
us-cert
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Insufficient Verification of Data Authenticity. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute a-man-in-the-middle (MITM) attack to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS CODESYS reports this vulnerability affects the following versions of CODESYS Development System: CODESYS Development System: versions from 3.5.11.0 and prior to 3.5.19.20 3.2 VULNERABILITY OVERVIEW 3.2.1 INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY CWE-345 In CODESYS Development System versions from 3.5.11.0 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server. CVE-2023-3663 has been assigned to this vulnerability. A CVSS v3 base scor...
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1734-AENT/1734-AENTR Series C, 1734-AENT/1734-AENTR Series B, 1738-AENT/ 1738-AENTR Series B, 1794-AENTR Series A, 1732E-16CFGM12QCWR Series A, 1732E-12X4M12QCDR Series A, 1732E-16CFGM12QCR Series A, 1732E-16CFGM12P5QCR Series A, 1732E-12X4M12P5QCDR Series A, 1732E-16CFGM12P5QCWR Series B, 1732E-IB16M12R Series B, 1732E-OB16M12R Series B, 1732E-16CFGM12R Series B, 1732E-IB16M12DR Series B, 1732E-OB16M12DR Series B, 1732E-8X8M12DR Series B, 1799ER-IQ10XOQ10 Series B Vulnerability: Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service on the affected products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of select Input/Output Modules from Rockwell Automation are affected: 1734-AENT/1734-AENTR Series C: Versions 7.011 and prior 1734-AENT/173...
1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Improper Restriction of Excessive Authentication Attempts. 2. RISK EVALUATION Successful exploitation of this vulnerability could provide a local attacker with account information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS CODESYS reports this vulnerability affects the following versions of CODESYS Development System: CODESYS Development System: versions prior to 3.5.19.20 3.2 VULNERABILITY OVERVIEW 3.2.1 INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY CWE-345 A missing brute-force protection in CODESYS Development System prior to 3.5.19.20 could allow a local attacker to have unlimited attempts of guessing the password within an import dialog. CVE-2023-3669 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 3.3 BACKGROUND CRITICAL IN...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely delete arbitrary files with system privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports this vulnerability affects the following versions of ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software: ThinManager ThinServer: Versions 11.0.0-11.0.6 ThinManager ThinServer: Versions 11.1.0-11.1.6 ThinManager ThinServer: Versions 11.2.0-11.2.6 ThinManager ThinServer: Versions 12.1.0-12.1.6 ThinManager ThinServer: Versions 12.0.0-12.0.5 ThinManager ThinServer: Versions 13.0.0-13.0.2 ThinManager ThinServer: Version 13.1.0 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 Due to improper input validation, an integer o...
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFF66x Vulnerabilities: Cross-site Scripting, Use of Insufficiently Random Values, Origin Validation Error, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to compromise availability, integrity, and confidentiality of the targeted devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports these vulnerabilities affect the following AFF660/665 products: AFF660/665: Firmware 03.0.02 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 CROSS-SITE SCRIPTING CWE-79 In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names DNS servers returned via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo could lead to output of wrong hostnames (leading to domain hijacking) or injection...
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low attack complexity Vendor: Trane Equipment: XL824, XL850, XL1050, and Pivot thermostats Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as root using a specially crafted filename. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Trane reports this vulnerability affects the following thermostats: Trane Technologies XL824 Thermostat: Firmware versions 5.9.8 and earlier Trane Technologies XL850 Thermostat: Firmware versions 5.9.8 and earlier Trane Technologies XL1050 Thermostat: Firmware versions 5.9.8 and earlier Trane Technologies Pivot Thermostat: Firmware versions 1.8 and earlier 3.2 VULNERABILITY OVERVIEW 3.2.1 INJECTION CWE-74 A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requ...
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a disclosure of sensitive information, a denial of service, or modification of data if an attacker is able to intercept network traffic. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following components of Schneider Electric PowerLogic, a power meter, are affected: PowerLogic ION9000: All versions prior to 4.0.0 PowerLogic ION7400: All versions prior to 4.0.0 PowerLogic PM8000: All versions prior to 4.0.0 PowerLogic ION8650: All versions PowerLogic ION8800: All versions Legacy ION products: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319 A cleartext transmission of sensitive information vulner...
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Walchem Equipment: Intuition 9 Vulnerabilities: Missing Authentication for Critical Function, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to download and export sensitive data or grant an attacker direct login to a device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Intuition 9, a water treatment controller, are affected: Intuition 9: versions prior to v4.21 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data. CVE-2023-38422 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/...
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerabilities: Buffer Overflow, Out-of-Bounds Read, Observable Timing Discrepancy, Double Free, and NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in information disclosure, denial-of-service, or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ICONICS reports these vulnerabilities affect the following products using OpenSSL: ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: Version 10.97.2 3.2 VULNERABILITY OVERVIEW 3.2.1 CLASSIC BUFFER OVERFLOW CWE-120 A denial of service and potential crash vulnerability due to a buffer overrun condition exists in the OpenSSL library used in the ICONICS Suite. This vulnerability is in the X.509 certificate name constraint checking. CVE-2022-3602 has been assigned to this vulnerability. A CVSS v3 base s...
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Armor PowerFlex Vulnerability: Incorrect Calculation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send an influx of network commands, causing the product to generate an influx of event log traffic at a high rate, resulting in the stop of normal operation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: Armor PowerFlex: v1.003 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT CALCULATION CWE-682 A vulnerability was discovered in Armor PowerFlex when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset. The error code would ...