us-cert

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, 1756-EN4TRXT Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access of the running memory of the module and perform malicious activity. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected:  1756-EN2T Series A, B, and C: Versions 5.008 and 5.028 and prior 1756-EN2T Series D: Versions 11.003 and prior 1756-EN2TK Series A, B, and C: Versions 5.008 and 5.028 and prior 1756-EN2TK Series D: Versions 11.003 and prior 1756-EN2TXT Series A, B, and C: Versions 5.008 and 5.028 and prior 1756-EN2TXT Series D: Versions 11.003 and prior 1756-EN2TP...

1. EXECUTIVE SUMMARY CVSS v3 7.8  ATTENTION: Low attack complexity  Vendor: Panasonic  Equipment: Control FPWIN Pro7  Vulnerabilities: Type Confusion, Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer  2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in information disclosure or remote code execution on affected installation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Panasonic Control FPWIN, are affected:  Control FPWIN: version 7.6.0.3 and all previous versions 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 In Panasonic Control FPWIN versions 7.6.0.3 and prior, a stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or a parameter to a function). CVE-2023-28728 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector stri...

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Enhanced HIM Vulnerability: Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to sensitive information disclosure and full remote access to the affected products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation’s Enhanced HIM, a communication interface, are affected: Enhanced HIM: Version 1.001 3.2 VULNERABILITY OVERVIEW 3.2.1 CROSS-SITE REQUEST FORGERY (CSRF) CWE-352  The API the application uses is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). ...

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable via adjacent network/Low attack complexity ​Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​Equipment: iSTAR ​Vulnerability: Improper Authentication 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an unauthenticated user to login to iSTAR devices with administrator rights. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Johnson Controls reports this vulnerability affects the following versions of Sensormatic Electronics iSTAR products:  ​iSTAR Ultra and iSTAR Ultra LT: Firmware after version 6.8.6 and prior to 6.9.2 CU01 ​iSTAR Ultra G2 and iSTAR Edge G2: Firmware versions prior to 6.9.2 CU01 3.2 VULNERABILITY OVERVIEW 3.2.1 ​IMPROPER AUTHENTICATION CWE-287 ​In Sensormatic Electronics iSTAR devices, an unauthenticated user could login with administrator rights. ​CVE-2023-3127 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS v...

1. EXECUTIVE SUMMARY CVSS v3 9.8  ATTENTION: Exploitable remotely/low attack complexity  Vendor: PiiGAB, Processinformation i Göteborg Aktiebolag  Equipment: M-Bus SoftwarePack 900S  Vulnerabilities: Code Injection, Improper Restriction of Excessive Authentication Attempts, Unprotected Transport of Credentials, Use of Hard-coded Credentials, Plaintext Storage of a Password, Cross-site Scripting, Weak Password Requirements, Use of Password Hash with Insufficient Computational Effort, Cross-Site Request Forgery  2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash allow an attacker to inject arbitrary commands, steal passwords, or trick valid users into executing malicious commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS PiiGAB reports these vulnerabilities affect the following wireless meter reading software:   M-Bus SoftwarePack 900S 3.2 VULNERABILITY OVERVIEW 3.2.1 CODE INJECTION CWE-94 PiiGAB M-Bus does not correctly sanitize user input, which could all...

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ABUS Equipment: ABUS Security Camera Vulnerability: Command injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary file reads or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ABUS TVIP, an indoor security camera, are affected:  ABUS TVIP: 20000-21150 3.2 VULNERABILITY OVERVIEW 3.2.1 COMMAND INJECTION CWE-77 ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. CVE-2023-26609 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Comercial Facilities COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Germany 3.4 RESEARCHER...

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Delta Electronics ​Equipment: InfraSuite Device Master ​Vulnerabilities: Improper Access Control, Deserialization of Untrusted Data 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges or remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following Delta Electronics products are affected:  ​InfraSuite Device Master: Versions prior to 1.0.7 3.2 VULNERABILITY OVERVIEW 3.2.1 ​IMPROPER ACCESS CONTROL CWE-284 ​An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. ​CVE-2023-34316 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.2 ​IMPROPER ACCESS CONTROL CWE-284 ​Delta Electronics In...

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity/public exploits are available Vendor: Schneider Electric Equipment: EcoStruxure Operator Terminal Expert VXDZ Vulnerability: Improper Control of Generation of Code ('Code Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code and gain access to sensitive information on the machine. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric EcoStruxure Operator Terminal Expert, a human machine interface (HMI) application, are affected: EcoStruxure Operator Terminal Expert: Versions 3.3 SP1 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94 Schneider Electric EcoStruxure operator Terminal Expert versions 3.3 SP1 and prior are vulnerable to a code injection attack that could allow an attacker to execute arbitrary code and gain access to all information on the machine. ...

1. EXECUTIVE SUMMARY ​CVSS v3 7.2 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Ovarro ​Equipment: TBox RTUs ​Vulnerabilities: Missing Authorization, Use of Broken or Risky Cryptographic Algorithm, Inclusion of Functionality from Untrusted Control Sphere, Insufficient Entropy, Improper Authorization, Plaintext Storage of a Password 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could result in sensitive system information being exposed and privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following firmware versions of TBox RTUs are affected:  ​TBox MS-CPU32: Version 1.50.598 and prior (CVE-2023-36607, CVE-2023-36609, CVE-2023-36610, CVE-2023-36611) ​TBox MS-CPU32-S2: Version 1.50.598 and prior (CVE-2023-36607, CVE-2023-36609, CVE-2023-36610, CVE-2023-36611) ​TBox LT2: Version 1.50.598 and prior (CVE-2023-36607, CVE-2023-36609, CVE-2023-36610, CVE-2023-36611) ​TBox TG2: Version 1.50.598 and prior (CVE-2023-36607, CVE-2023-3660...

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Mitsubishi Electric ​Equipment: MELSEC-F Series ​Vulnerability: Authentication Bypass by Capture-replay 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to login to the product by sending specially crafted packets. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Mitsubishi Electric reports this vulnerability affects the following MELSEC-F Series products if they are used with ethernet communication special adapter FX3U-ENET-ADP or ethernet communication block FX3U-ENET(-L). These products are sold in limited regions: ​FX3U-xMy/z x=16,32,48,64,80,128, y=T,R, z=ES,ESS,DS,DSS *1: All versions ​FX3U-32MR/UA1, FX3U-64MR/UA1 *1: All versions ​FX3U-32MS/ES, FX3U-64MS/ES *1: All versions ​FX3U-xMy/ES-A x=16,32,48,64,80,128, y=T,R *1*2: All versions ​FX3UC-xMT/z x=16,32,64,96, z=D,DSS *1: All versions ​FX3UC-16MR/D-T, FX3UC-16MR/DS-T *1: All versions ​FX3UC-32MT...