us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits available Vendor: Uniview Equipment: NVR301-04S2-P4 Vulnerability: Cross-site Scripting 2. RISK EVALUATION An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Uniview NVR, a network video recorder, is affected: NVR301-04S2-P4: Versions prior to NVR-B3801.20.17.240507 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79 The affected product is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity/public exploits are available Vendor: Inosoft Equipment: VisiWin Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain SYSTEM privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Inosoft products are affected: VisiWin 7: All versions prior to version 2024-1 3.2 Vulnerability Overview 3.2.1 INCORRECT DEFAULT PERMISSIONS CWE-276 VisiWin creates a directory with insufficient permissions, allowing a low-level user the ability to add and modify certain files that hold SYSTEM privileges, which could lead to privilege escalation. CVE-2023-31468 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) A CVSS v4 score has also been calculated for CVE-2023-31468. A base score of 8.5 has been calculated; the CVSS vector st...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: LenelS2 Equipment: NetBox Vulnerabilities: Use of Hard-coded Password, OS Command Injection, Argument Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute malicious commands with elevated permissions 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of LenelS2, a Carrier Brand, are affected: NetBox: All versions prior to 5.6.2 3.2 Vulnerability Overview 3.2.1 USE OF HARD-CODED PASSWORD CWE-259 LenelS2 NetBox access control and event monitoring system was discovered to contain hard-coded credentials in versions prior to and including 5.6.1, which allows an attacker to bypass authentication requirements. CVE-2024-2420 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 sc...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: EDW-100 Vulnerabilities: Use of Hard-coded Password, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access the device using hardcoded credentials and download cleartext username and passwords. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Westermo EDW-100, a Serial to Ethernet converter, are affected: EDW-100: All versions 3.2 Vulnerability Overview 3.2.1 Use of Hard-coded Password CWE-259 Westermo EDW-100 has a hidden administrator account with a hardcoded password. In the firmware package, in "image.bin", the username root and the password for this account are both hard-coded and exposed as strings that can trivially be extracted. Currently there is no way to change this password. CVE-2024-36080 has been assigned to this vulnerability. A CVSS v3.1 base sc...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Monitouch V-SFT Vulnerabilities: Out-of-Bounds Write, Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Fuji Electric's Monitouch V-SFT, a screen configuration software, are affected: Monitouch V-SFT: Versions prior to 6.2.3.0 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 The affected product is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution. CVE-2024-5271 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-5271. A base score of 8.5 has been calculated; the CVSS vector string is (...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Campbell Scientific Equipment: CSI Web Server Vulnerabilities: Path Traversal, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to download files and decode stored passwords. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Campbell Scientific CSI Web Server and RTMC (Real-Time Monitoring and Control) Pro, which contains the CSI Web Server are affected: Campbell Scientific CSI Web Server: Versions 1.6 and prior RTMC Pro: Version 5.0 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specia...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: Productivity PLCs Vulnerabilities: Buffer Access with Incorrect Length Value, Out-of-bounds Write, Stack-based Buffer Overflow, Improper Access Control, Active Debug Code, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to remote code execution and denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS AutomationDirect reports the following versions of Productivity PLCs are affected: Productivity 3000 P3-550E CPU: FW 1.2.10.9 Productivity 3000 P3-550E CPU: SW 4.1.1.10 Productivity 3000 P3-550 CPU: FW 1.2.10.9 Productivity 3000 P3-550 CPU: SW 4.1.1.10 Productivity 3000 P3-530 CPU: FW 1.2.10.9 Productivity 3000 P3-530 CPU: SW 4.1.1.10 Productivity 2000 P2-550 CPU: FW 1.2.10.10 Productivity 2000 P2-550 CPU: SW 4.1.1.10 Productivity 1000 P1-550 CPU: FW 1.2.10.10 Productivity ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerabilities: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read and write files outside of their own directory. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of LAquis SCADA, an HMI program, are affected: LAquis SCADA: Versions 4.7.1.7 and prior 3.2 Vulnerability Overview 3.2.1 Path Traversal CWE-22 There are multiple ways in LAquis SCADA for an attacker to access locations outside of their own directory. CVE-2024-5040 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-5040. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CN 4100 Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Password, Missing Immutable Root of Trust in Hardware 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to compromise the device, gain root access of the device, or gain complete read/write access to the file system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SIMATIC CN 4100, a communication node, are affected: SIMATIC CN 4100: All versions prior to V3.0 3.2 Vulnerability Overview 3.2.1 USE OF HARD...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Heap-based Buffer Overflow, Out-of-bounds Read, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Solid Edge: All versions prior to V224.0 Update 5 (CVE-2024-33489, CVE-2024-33490, CVE-2024-33491, CVE-2024-33492, CVE-2024-33493) Solid Edge: All versions prior to V224.0 Update 2 (CVE-2024-34771, CVE-2024-34773) Solid Edge: All v...