Source

us-cert

Mitsubishi Electric CNC Series

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending specially crafted packets. System reset is required for recovery. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Mitsubishi Electric CNC series products are affected: M8V Series  M800VW (BND-2051W000-**): All versions M800VS (BND-2052W000-**): All versions M80V (BND-2053W000-**): All versions M80VW (BND-2054W000-**): All Versions M8 Series  M800W (BND-2005W000-**): All versions M800S (BND-2006W000-**): All versions M80 (BND-2007W000-**): All versions M80W (BND-2008W000-**): All versions E80 (BND-2009W000-**): All versions C80 C80 C80 (BND-2036W000-**): All Versions M7V Series M700VW (BND-1012W000-...

AXIS A1001

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from adjacent network Vendor: Axis Communications Equipment: AXIS A1001 Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AXIS A1001, a network door controller, are affected: AXIS A1001: 1.65.4 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122 A heap-based buffer overflow vulnerability exists in the AXIS A1001 versions 1.65.4 and prior. When communicating over the Open Supervised Device Protocol (OSDP), the pacsiod process that handles the OSDP communication allows for writing outside of the allocated buffer. By appending invalid data to an OSDP message, it is possible to write data beyond the heap allocated buffer. The data written outside the buffer could allow an attacker to execute arbitrary code. CVE-2023-21406 has been assig...

Johnson Controls IQ Wifi 6

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: IQ Wifi 6 Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to gain account access by conducting a brute force authentication attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Johnson Controls products are affected: IQ Wifi 6: All firmware versions prior to 2.0.2 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Restriction of Excessive Authentication Attempts CWE-307 In firmware versions prior to v2.0.2 of Johnson Controls IQ Wifi 6, an unauthorized user could gain account access by conducting a brute force authentication attack. CVE-2023-3548 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). 3.3 BACKGROUND Critical Infrastructure Sectors: Critical Ma...

Rockwell Automation ThinManager ThinServer

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports this vulnerability affects the following versions of ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software: ThinManager ThinServer: versions 13.0.0—13.0.2 and 13.1.0 3.2 VULNERABILITY OVERVIEW 3.2.1 Relative Path Traversal CWE-23 An executable used in the affected products can be configured to enable an API feature in the HTTPS server settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that could allow a remote actor to levera...

Emerson ROC800 Series RTU and DL8000 Preset Controller

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: ROC800-Series RTU; including ROC800, ROC800L, and DL8000 Preset Controllers Vulnerability: Authentication Bypass 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or gain unauthorized access to data or control of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products are affected: ROC809 & ROC827— All firmware versions, all hardware series ROC809L & ROC827L— All firmware versions DL8000— All firmware versions, all hardware series The Series 1 ROC800 and DL8000 became obsolete in 2008 when the Series 2 was introduced. 3.2 VULNERABILITY OVERVIEW 3.2.1 Authentication Bypass By Primary Weakness CWE-305 ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial...

Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Vulnerabilities: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized access to components, ability to execute arbitrary code, or ability to execute a denial-of-service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS EcoStruxure Control Expert: All versions prior to V15.3 EcoStruxure Process Expert: Version V2020 and prior Modicon M340 CPU (part numbers BMXP34*): All versions prior to SV3.51 Modicon M580 CPU (part numbers BMEP* and BMEH*): All versions prior to SV4.10 Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S): All versions Modicon Momentum Unity M1E Processor (171CBU*): All versions prior to SV2.6 Modicon MC80 (BMKC80): All versions Legacy Modicon Quantum (140CPU65*) and...

GeoVision GV-ADR2701

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: GeoVision Equipment: GV-ADR2701 Vulnerabilities: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to log in to the camera’s web application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS GeoVision reports this vulnerability affects the following GV-ADR2701 cameras: GV-ADR2701: Version V1.00_2017_12_15 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER AUTHENTICATION CWE-287 In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. CVE-2023-3638 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Taiwan 3.4 RESEAR...

WellinTech KingHistorian

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: WellinTech Equipment: KingHistorian Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Signed to Unsigned Conversion Error 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or send malicious data which can lead to a buffer overflow. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of WellinTech KingHistorian, a time-series database, are affected: KingHistorian: version 35.01.00.05 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200 An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this v...

Iagona ScrutisWeb

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Iagona Equipment: ScrutisWeb Vulnerabilities: Absolute Path Traversal, Authorization Bypass Through User-Controlled Key, Use of Hard-coded Cryptographic Key, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload and execute arbitrary files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Iagona ScrutisWeb, a web application, are affected: ScrutisWeb: Version 2.1.37 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 ABSOLUTE PATH TRAVERSAL CWE-36 Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot. CVE-2023-33871 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H...

GE Digital CIMPLICITY

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low attack complexity Vendor: GE Digital Equipment: CIMPLICITY Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause memory corruption issues resulting in unwanted behavior such as code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following GE Digital products are affected:  CIMPLICITY: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122 All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code. CVE-2023-3463 has been assigned to this vulnera...