Source
us-cert
1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: High attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN, UNEM Products Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could permit an attacker to access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of FOXMAN-UN and UNEM, network management system toolsets, are affected: FOXMAN-UN: Version R16A FOXMAN-UN: Version R15B FOXMAN-UN: Version R15A UNEM: Version R16A UNEM: Version R15B UNEM: Version R15A The following version and sub-versions of FOXMAN-UN and UNEM, network management system toolsets, are affected: FOXMAN-UN: Version R14B FOXMAN-UN: Version R14A FOXMAN-UN: Version R11B FOXMAN-UN: Version R11A FOXMAN-UN: Version R10C FOXMAN-UN: Version R9C UNEM: Version R14B UNEM: Version R14A UNEM: Version R11B UNEM: Version R11A UNEM: Version R10C UNEM: Version R9C 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER OUTPUT ...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerability: Hard Coded Password, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to authenticate as a valid user or access files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Advantech reports these vulnerabilities affect the following R-SeeNet monitoring application: R-SeeNet: versions 2.4.22 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Advantech R-SeeNet is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. CVE-2023-2611 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.2 EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73 ...
1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: SpiderControl Equipment: SCADAWebServer Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SCADAWebServer are affected: SCADAWebServer: Versions 2.08 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. CVE-2023-3329 has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vecto...
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Enphase Installer Toolkit Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow sensitive information to be obtained by an attacker using hard-coded credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Enphase Installer Toolkit, a software application, is affected: Installer Toolkit: 3.27.0 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Enphase Installer Toolkit versions 3.27.0 and prior have hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information. CVE-2023-32274 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Ener...
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Envoy Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain root access to the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Enphase Envoy, an energy monitoring device, is affected: Envoy: D7.0.88 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 Enphase Envoy versions D7.0.88 and prior are vulnerable to a command injection exploit that may allow an attacker to execute root commands. CVE-2023-33869 has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: United ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: Solid Edge SE2023: All versions prior to V223.0 Update 5 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 Open Design Alliance Drawings SDK (versions before 2024.1) is vulnerable to an out-of-bounds read when reading a DWG file. This could allow an attacker to execute code in the context of the cur...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: SINAMICS MV (medium voltage) products Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Use After Free, Improper Authentication, OS Command Injection, Improper Certificate Validation, Improper Resource Shutdown or Release, Allocation of Resources Without Limits or Throttling, Incorrect Default Permissions, Improper Validation of Syntactic Correctness of Input, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to information leaks, denial of service, code execution, or grant access to an extern...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 TM MFP Vulnerabilities: Improper Input Validation, Out-of-bounds Read, Use After Free, Out-of-bounds Write, Infinite Loop, Reachable Assertion, Off-by-one Error, Incorrect Default Permissions, Double Free, Improper Handling of Exceptional Conditions, Integer Overflow or Wraparound, NULL Pointer Dereference, Release of Invalid Pointer or Reference, Race Condition, Improper Restriction of Operations within the Bounds of a Memory Buffer, Non-exit on Failed Initialization, Missing Encryption of Sensitive Data, Classic Buffer Overflow, Uncontrolled Re...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SICAM A8000 Devices Vulnerabilities: Command Injection, Use of Hard-coded Credentials, Exposed Dangerous Method or Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker, with direct physical access, to crack the root password to login to the device or remotely execute arbitrary code with root privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: CP-8031 MASTER MODULE (6MF2803-1AA00): All versions prior to CPCI85 V05 CP-8050 MASTER MODULE (6MF2805-0AA00): All versions prior to C...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC PCS 7, SIMATIC S7-PM, SIMATIC STEP 7 V5 Vulnerability: Improper Control of Generation of Code ('Code Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: SIMATIC PCS 7: All versions SIMATIC S7-PM: All versions SIMATIC STEP 7 V5: All versions prior to V5.7 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPE...