us-cert

1. EXECUTIVE SUMMARY CVSS v3 7.5  ATTENTION: Exploitable remotely/low attack complexity   Vendor: Rockwell Automation  Equipment: Kinetix 5700  Vulnerability: Uncontrolled Resource Consumption  2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Rockwell Automation Kinetix 5700 DC Bus Power Supply is affected:  Kinetix 5700: V13.001 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400 The Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits operational capabilities of the device resulting in a denial-of-service attack. CVE-2023-2263 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SE...

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Weintek ​Equipment: Weincloud ​Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication, Improper Restriction of Excessive Authentication Attempts, Improper Handling of Structural Elements 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to utilize the JSON web token (JWT) to reset account passwords, use expired credentials, perform brute force attacks on credentials, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following Weintek Weincloud versions are affected:  ​Account API: Versions 0.13.6 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 ​WEAK PASSWORD RECOVERY MECHANISM FOR FORGOTTEN PASSWORD CWE-640 ​The affected product could allow an attacker to reset a password with the corresponding account’s JWT token only. ​CVE-2023-35134 has been assigned to this vulnerabil...

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Keysight Technologies ​Equipment: N6854A Geolocation Server ​Vulnerabilities: Exposed Dangerous Method or Function, Relative Path Traversal 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, execute arbitrary code, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following Keysight monitoring products are affected:  ​N6854A Geolocation Server versions 2.4.2 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 ​EXPOSED DANGEROUS METHOD OR FUNCTION CWE-749 ​In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges. ​CVE-2023-36853 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L...

1. EXECUTIVE SUMMARY ​CVSS v3 8.2 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Siemens ​Equipment: SIMATIC MV500 series devices ​Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Missing Release of Memory after Effective Lifetime, Injection, Inadequate Encryption Strength, Double Free, Incomplete Cleanup, Observable Discrepancy, Improper Locking, Use After Free, Improper Input Validation 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to read memory contents, disclose information, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected: ​SIMATIC MV540 H (6GF3540-0GE10): All versions prior to v3.3.4 ​SIMATIC MV540 S (6GF3540-0CD10): All versions prior to v 3.3.4 ​SIMATIC MV550 H (6GF3550-0GE10): All versions prior to v 3.3.4 ​SIMATIC MV550 S (6GF3550-0CD10): All versions prior to v 3.3.4 ​SIMATIC MV560 U (6GF3560-0LE10): ...

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely / low attack complexity ​Vendor: Siemens ​Equipment: SiPass Integrated ​Vulnerability: Improper Input Validation 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to crash the server application, creating a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Siemens reports this vulnerability affects the following SiPass integrated products: ​SiPass integrated: all versions prior to V2.90.3.8 3.2 VULNERABILITY OVERVIEW 3.2.1 ​IMPROPER INPUT VALIDATION CWE-20 ​Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow.  This could allow an unauthenticated remote attacker to crash the server application, creating a denial-of-service condition. ​CVE-2022-31810 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated...

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerMonitor 1000 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation PowerMonitor 1000 are affected:  PowerMonitor 1000: V4.011 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 The PowerMonitor 1000 contains stored cross site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attacker on an authenticated user resulting in remote code execution and potent...

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CN 4100 Vulnerabilities: Improper Access Control, Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain privilege escalation and bypass network isolation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SIMATIC CN 4100, a communication node, are affected: SIMATIC CN 4100: all versions prior to V2.5 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER ACCESS CONTROL CWE-284 Affected device consists of improper access controls in the configuration files that could lead to privilege escalation. An attacker could gain admin access with this vulnerability, leading to complete device control. CVE-2023-29130 has been assigned to this vulnerability. A CVSS v3 base score of 9.9 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 3.2.2 INCORRECT DEFAUL...

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS, LX, and PlantCruise Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow, Out-of-bounds Write, Uncontrolled Resource Consumption, Improper Encoding or Escaping of Output, Deserialization of Untrusted Data, Improper Input Validation, Incorrect Comparison 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow privilege escalation or allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Honeywell reports these vulnerabilities affect the following versions of Experion PKS, LX, and PlantCruise:   Experion PKS: versions prior to R520.2 Experion LX: versions prior to R520.2 Experion PlantCruise: versions prior to R520.2 3.2 VULNERABILITY OVERVIEW 3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122 Experion Server or Console Station could experience a denial-of-service condition...

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity ​Vendor: Siemens ​Equipment: RUGGEDCOM ROX ​Vulnerabilities: Cleartext Transmission of Sensitive Information, Command Injection, Improper Authentication, Classic Buffer Overflow, Uncontrolled Resource Consumption, Improper Certificate Validation, Cross-Site Request Forgery (CSRF), Improper Input Validation, Incorrect Default Permissions, Cross-site Scripting, Inadequate Encryption Strength, Use of a Broken or Risky Cryptographic Algorithm. 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to send a malformed HTTP packet causing certain functions to fail, achieve a man-in-the-middle attack, or arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected: ​RUGGEDCOM ROX MX5000: All versions prior to V2.16.0 ​RUGGEDCOM ROX MX5000RE: All versions prior to V2.16.0 ​RUGGEDCOM ROX RX1400: All versions pr...

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CN 4100 Vulnerabilities: Improper Access Control, Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain privilege escalation and bypass network isolation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SIMATIC CN 4100, a communication node, are affected: SIMATIC CN 4100: all versions prior to V2.5 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER ACCESS CONTROL CWE-284 Affected device consists of improper access controls in the configuration files that could lead to privilege escalation. An attacker could gain admin access with this vulnerability, leading to complete device control. CVE-2023-29130 has been assigned to this vulnerability. A CVSS v3 base score of 9.9 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 3.2.2 INCORRECT DEFAUL...