Source
us-cert
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: SUBNET Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Cross-site Scripting, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload malicious scripts or perform a denial-of-service type attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SUBNET PowerSYSTEM Center, a multi-function management platform, are affected: PowerSYSTEM Center: 2020 U10 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications. CVE-2023-32659 h...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMOTION Vulnerability: Exposure of Sensitive Information Due to Incompatible Policies 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: SIMOTION C240 (6AU1240-1AA00-0AA0): All versions including V5.4 and later but prior to V5.5 SP1 SIMOTION C240 PN (6AU1240-1AB00-0AA0): All versions including V5.4 and later but prior to V5.5 SP1 SIMOTION D410-2 DP (6AU1410-2AA00...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC V7 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to inject arbitrary code and escalate privileges if a non-default installation path was chosen during installation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: SIMATIC WinCC: All versions prior to V7.5.2.13 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 Affected applications fail to set proper access rights for t...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Untrusted Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain remote file system access and achieve remote command execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Advantech WebAccess/SCADA, a browser-based SCADA software package, are affected: WebAccess/SCADA: All versions prior to 9.1.4 3.2 VULNERABILITY OVERVIEW 3.2.1 UNTRUSTED POINTER DEREFERENCE CWE-822 All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files. CVE-2023-1437 has been assigned to this vulnerability. A CVS...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 3.9 ATTENTION: Exploitable from an adjacent network Vendor: Siemens Equipment: SIMATIC Products Vulnerability: Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain unauthorized access to product control and data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: SIMATIC NET PC Software V14: All versions SIMATIC NET PC Software V15: All versions SIMATIC PCS 7 V8.2: All versions SIMATIC PCS 7 V9.0: All versions SIMATIC PCS 7 V9.1: All versions SIMATIC WinCC: All versions prior to V8.0 SINAUT Software ST7sc: All versions 3.2 VULNERABILITY ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: POWER METER SICAM Q200 family Vulnerabilities: Session Fixation, Improper Input Validation, Cross-Site Request Forgery, Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to remote code execution or denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports these vulnerabilities were identified in the webserver of the following Q200 devices: POWER METER SICAM Q200 family: versions prior to V2.70 3.2 VULNERABILITY OVERVIEW 3.2.1 SESSION FIXATION CWE-384 ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Totally Integrated Automation (TIA) Portal Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project, without the knowledge of the know-how protection password. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: Totally Integrated Automation Portal (TIA Portal) V14: All versions Totally Integrated Automation Portal (TIA Portal) V15: All versions Totally Integrated Automation Por...
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Edge Gateway Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local user to cause the program to crash, causing a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports this vulnerability affects the following FactoryTalk Edge Gateway products: FactoryTalk Edge Gateway: v1.3 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 An out of bounds array read vulnerability was fixed in the apr_time_exp*() function in the Apache Portable Runtime v1.6.3 (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. CVE-2021-35940 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/...
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Datalogics Equipment: Library APDFL v18.0.4PlusP1e Vulnerability: Stack-based buffer overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Datalogics library versions are affected: Library APDFL v18.0.4PlusP1e and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 The affected product has a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process. CVE-2023-1709 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Multiple COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Italy 3.4 RESEARCHER Siemens rep...
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Transaction Manager Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the application to crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The user would need to restart the application to recover from the denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports this vulnerability affects the following FactoryTalk Transaction Manager products: FactoryTalk Transaction Manager: versions 13.10 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400 A denial-of-service vulnerability exists in the affected products. A threat actor could send a modified packet to port 400 to exploit this vulnerability. If exploited, the application could crash or experience a h...