Source
us-cert
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to crash the application or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: Solid Edge SE2023: All versions prior to V223.0 Update 7 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 The affected application contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. CVE-2023-39181 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.2 OUT-OF-BOUNDS READ CWE-125 The affected applications contain an...
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Schneider Electric Equipment: IGSS (Interactive Graphical SCADA System) Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary code execution or loss of control of the SCADA system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports this vulnerability affects the following IGSS (Interactive Graphical SCADA System) products: IGSS Dashboard (DashBoard.exe): v16.0.0.23130 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 A deserialization of untrusted data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to arbitrary code execution when an attacker gets the user to open a malicious file. CVE-2023-3001 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CV...
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a buffer overflow and reboot of the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports these vulnerabilities affect the following RTU500 series products: RTU500 series CMU: Firmware versions 13.3.1–13.3.2 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited if the HCI 60870-5-104 is configured with IEC 62351-5 support and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted messa...
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Mitsubishi Electric products are affected when either of the following cases apply: The case of transferring data with GT Designer3 Version1(GOT2000) listed below and GOT2000 Series or GOT SIMPLE Series listed below with the Data Transfer Security function enabled. The case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 listed below and GOT2000 series listed below with the Data Transfer Security function enabled. GT Designer3 Version1 (GOT2000): v1.295...
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: TEL-STER Sp. z o. o. Equipment: TelWin SCADA WebInterface Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS TEL-STER reports this vulnerability affects the following versions of TelWin SCADA WebInterface: TelWin SCADA WebInterface: versions 3.2 to 6.1 TelWin SCADA WebInterface: versions 7.0 to 7.1 TelWin SCADA WebInterface: versions 8.0 and 9.0 3.2 VULNERABILITY OVERVIEW 3.2.1 PATH TRAVERSAL CWE-35 External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system. CVE-2023-0956 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been ...
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT2000 Series and GOT SIMPLE Series Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack data connections or prevent legitimate users from establishing data connections. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports this vulnerability affects the following HMIs when using the “FTP server” function: GOT2000 Series, GT21 model: versions 01.49.000 and prior GOT SIMPLE, GS21 model: versions 01.49.000 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 PREDICTABLE EXACT VALUE FROM PREVIOUS VALUES CWE-342 A denial-of-service and spoofing (session hijacking of data connections) vulnerability exists in the FTP server function on GOT2000 series and GOT SIMPLE series because the port number of a data connection can be easily guessed due to predictable exact valu...
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. Equipment: VideoEdge Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local user to edit the VideoEdge configuration file and interfere with VideoEdge operation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Sensormatic Electronics, a subsidiary of Johnson Controls Inc, products are affected: VideoEdge: Versions prior to 6.1.1 3.2 VULNERABILITY OVERVIEW 3.2.1 ACCEPTANCE OF EXTRANEOUS UNTRUSTED DATA WITH TRUSTED DATA CWE-349 In Sensormatic VideoEdge versions prior to 6.1.1, a local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. CVE-2023-3749 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely / low attack complexity / public exploits available Vendor: APSystems Equipment: Altenergy Power Control Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Altenergy Power Control software are affected: Altenergy Power Control Software: C1.2.5 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 OS command injection affects Altenergy Power Control software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php. CVE-2023-28343 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated. The CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND ...
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: ETIC Telecom Equipment: Remote Access Server (RAS) Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to reconfigure the device or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ETIC Telecom RAS are affected: ETIC Telecom RAS: All versions 4.7.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 INSECURE DEFAULT INITIALIZATION OF RESOURCE CWE-1188 ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition. CVE-2023-3453 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N...
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the affected device crashing. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of KEPServerEX, an industrial automation data concentrator and device manager, are affected: KEPServerEX: Versions 6.0 to 6.14.263 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400 PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode u...