Source
us-cert
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerabilities: Use of Hard-coded Cryptographic Key, Improper Authentication, Origin Validation Error 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information, load malicious configuration files, or elevate privileges from a user to an administrator. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: FactoryTalk Policy Manager: v6.11.0 FactoryTalk System Services: v6.11.0 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321 Hard-coded cryptographic key vulnerabilities could lead to privilege escalation. FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. This vulnerability could allow a local authenticated non-admin user to generate an invalid a...
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable via adjacent network Vendor: Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. Equipment: Illustra Pro Gen 4 Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise device credentials over a long period of sustained attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Sensormatic Electronics Illustra Pro Gen 4 are affected: Pro Gen 4 Dome: Up to and including Illustra.SS016.05.09.04.0006 Pro Gen 4 PTZ: Up to and including Illustra.SS010.05.09.04.0022 3.2 VULNERABILITY OVERVIEW 3.2.1 ACTIVE DEBUG CODE CWE-489 Sensormatic Electronics Illustra Pro Gen 4 contains a debug feature that is incorrectly set to enabled on newly manufactured cameras. Under some circumstances, over a long period of sustained attack, this could allow compromise of device credentials. CVE-2023-0954 has been assigned to this vulnerabi...
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Atlas Copco Equipment: Power Focus 6000 Vulnerabilities: Cleartext Storage of Sensitive Information, Small Space of Random Values, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a loss of sensitive information and the takeover of a user’s active session. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Power Focus 6000, a smart connected assembly product, are affected: Power Focus 6000: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312 Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller. CVE-2023-1897 has been assigned to this vulnerability. A CVSS v3 base score of...
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B DOPSoft Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to exploit a buffer overflow condition and remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of CNCSoft-B DOPSoft, a human machine interface (HMI), are affected: CNCSoft-B DOPSoft: versions 1.0.0.4 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. CVE-2023-25177 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.2 HEAP-BASED BUFFER OVERFLOW CWE-122 Delta Elect...
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Password, Missing Password Field Masking, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to connect to the module via FTP and bypass authentication to log in. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports these vulnerabilities affect the following MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration tool: RJ71EIP91: All versions SW1DNN-EIPCT-BD: All versions FX5-ENET/IP: All versions SW1DNN-EIPCTFX5-BD: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 WEAK PASSWORD REQUIREMENTS CWE-521 Authentication bypass vulnerability in FTP function on EtherNet/IP ...
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: HID Global Equipment: SAFE Vulnerabilities: Modification of Assumed-Immutable Data 2. RISK EVALUATION Successful exploitation of this vulnerability could result in exposure of personal data or create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of HID’s SAFE, a personnel and access management software, are affected: HID SAFE using the optional External Visitor Manager portal: Versions 5.8.0 through 5.11.3 3.2 VULNERABILITY OVERVIEW 3.2.1 MODIFICATION OF ASSUMED-IMMUTABLE DATA CWE-471 The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 is vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the persona...
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess Node Vulnerabilities: Improper Control of Generation of Code ('Code Injection'), Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to arbitrarily overwrite files resulting in remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Advantech products are affected: WebAccess/SCADA versions 9.1.3 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94 In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. CVE-2023-32540 has been assigned to this vulnerab...
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Insufficient Type Distinction 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker full control over the supervisory control and data acquisition (SCADA) server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Advantech reports this vulnerability affects the following WebAccess/SCADA product: WebAccess/SCADA: version 8.4.5 3.2 VULNERABILITY OVERVIEW 3.2.1 INSUFFICIENT TYPE DISTINCTION CWE-351 If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. CVE-2023-2866 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Man...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: MXsecurity Series Vulnerabilities: Command Injection and Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthorized user to bypass authentication or to execute arbitrary commands on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Moxa reports these vulnerabilities affect the following MXsecurity Series: MXsecurity Series: Software v1.0 3.2 VULNERABILITY OVERVIEW 3.2.1 COMMAND INJECTION CWE-77 A remote attacker, who has gained authorization privileges, could execute arbitrary commands on the device. CVE-2023-33235 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 3.2.2 USE OF HARD-CODED CREDENTIALS CWE-798 An attacker could bypass authentication for web-based application programmable interfaces (APIs)...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Type Confusion, Observable Timing Discrepancy, Out-of-bounds Read, Infinite Loop, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to crash the device being accessed or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy’s RTU500 Series Product are affected: For CVE-2023-0286, CVE-2022-4304 RTU500 series CMU Firmware: version 12.0.1 through 12.0.15 RTU500 series CMU Firmware: version 12.2.1 through 12.2.12 RTU500 series CMU Firmware: version 12.4.1 through 12.4.12 RTU500 series CMU Firmware: version 12.6.1 through 12.6.9 RTU500 series CMU Firmware: version 12.7.1 through 12.7.6 RTU500 series CMU Firmware: version 13.2.1 through 13.2.6 RTU500 series CMU Firmware: version 13.3.1 through ...