
Source: us-cert

Siemens CPCI85 Firmware of SICAM A8000 Devices

1. EXECUTIVE SUMMARY

- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: CPCI85 Firmware of SICAM A8000 Devices
- Vulnerability: Improper Neutralization of Special Elements used in a Command ('Command Injection')

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following software from Siemens is affected:

- CP-8031 MASTER MODULE (6MF2803-1AA00): All versions prior to CPCI85 V05
- CP-8050 MASTER MODULE (6MF2805-0AA00): All versions prior to CPCI85 V05

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77

Affected devices are vulnerable to command injection via the web server port 443/TCP if the parameter “Remote Operation” is enabled; this parameter is disabled by default. This vulnerability could allow an unauthenticated remote at...

Siemens Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Industrial Products
- Vulnerabilities: Use After Free, Deadlock, Allocation of Resources Without Limits or Throttling

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following software from Siemens is affected:

- SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0): All versions
- SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0): All versions
- SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants): All versions
- SIMATIC CP 1243-1 IEC (incl. SIPLUS variants): All v...

Siemens SCALANCE X-200, X-200IRT, and X-300 Switch Families BadAlloc Vulnerabilities

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE X-200, X-200IRT, and X-300 Switch Families
- Vulnerabilities: Integer Overflow or Wraparound

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could lead to memory corruption.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports these vulnerabilities affect the following SCALANCE Switch Family products:

- SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3): All versions prior to V5.5.2
- SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3): All versions prior to V5.5.2
- SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All versions prior to V5.5.2
- SCALA...

Siemens SCALANCE XCM332

1. EXECUTIVE SUMMARY

- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM332
- Vulnerabilities: Allocation of Resources Without Limits or Throttling, Use After Free, Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition'), Incorrect Default Permissions, Out-of-bounds Write, and Improper Validation of Syntactic Correctness of Input

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could cause a denial-of-service condition, code execution, data injection, and allow unauthorized access.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following software from Siemens is affected:

- SCALANCE XCM332 (6GK5332-0GA01-2AC2): Versions prior to 2.2

3.2 VULNERABILITY OVERVIEW

3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770

In versions of libtirpc prior to 1.3.3rc1, remote attackers could exhaust the file descriptors of a process using libtirpc due to mishandling of idle TC...

Siemens Polarion ALM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

- CVSS v3 5.3
- ATTENTION: Exploitable remotely/high attack complexity
- Vendor: Siemens
- Equipment: Polarion ALM
- Vulnerability: Improper Restriction of XML External Entity Reference

2. RISK EVALUATION

Successful exploitation of this vulnerability may allow an attacker to potentially disclose confidential data.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Siemens Polarion ALM products are affected:

- Polarion ALM: all versions prior to V2304.0

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611

The application contains an XML external entity injection (XXE) vulnerability. This could allow an attacker t...

Mitsubishi Electric India GC-ENET-COM

1. EXECUTIVE SUMMARY

- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Mitsubishi Electric India
- Equipment: GC-ENET-COM
- Vulnerability: Signal Handler Race Condition

2. RISK EVALUATION

Successful exploitation of this vulnerability could lead to a communication error and may result in a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Mitsubishi Electric India Ethernet communication Extension unit GC-ENET-COM, are affected:

- Mitsubishi Electric India GC-ENET-COM: Models with the beginning serial number 16XXXXXXXXX.

3.2 VULNERABILITY OVERVIEW

3.2.1 SIGNAL HANDLER RACE CONDITION CWE-364

A vulnerability exists in the Ethernet communication Extension unit (GC-ENET-COM) of GOC35 series due to a signal handler race condition. If a malicious attacker sends a large number of specially crafted packets, communication errors could occur and could result in a denial-of-service condition when GC-ENET-COM is configured a...

Siemens SIPROTEC 5 Devices

1. EXECUTIVE SUMMARY

- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIPROTEC 5 Devices
- Vulnerability: NULL Pointer Dereference

2. RISK EVALUATION

Successful exploitation of this vulnerability could cause a denial-of-service condition of the target device.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following software from Siemens is affected:

- SIPROTEC 5 6MD85 (CP200): All versions (v)
- SIPROTEC 5 6MD85 (CP300): All versions prior to v9.40
- SIPROTEC 5 6MD86 (CP200): All versions
- SIPROTEC 5 6MD86 (CP300): All versions prior to v9.40
- SIPROTEC 5 6MD89 (CP300): All versions
- SIPROTEC 5 6MU85 (CP300): All versions prior to v9.40
- SIPROTEC 5 7KE85 (CP200): All versions
- SIPROTEC 5 7KE85 (CP300): All versions prior to v9.40
- SIPROTEC 5 7SA82 (CP100): All versions
- SIPROTEC 5 7SA82 (CP150): All versions prior to v9.40
- SIPROTEC 5 7SA84 (CP200): All versions
- SIPROTEC 5 7SA86 (CP200): All versions
- SIPROTEC 5 7SA86 (CP300): All versions pr...

Siemens SCALANCE X-200IRT Devices

1. EXECUTIVE SUMMARY

- CVSS v3 6.7
- ATTENTION: Exploitable with adjacent access
- Vendor: Siemens
- Equipment: SCALANCE X-200IRT Devices
- Vulnerability: Inadequate Encryption Strength

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthorized attacker in a machine-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following software from Siemens is affected:

- SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3): All versions prior to V5.5.2
- SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3): All versions prior to V5.5.2
- SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All versions prior to V5.5.2
- SCALANCE X202-2IRT (6GK5202-2BB00-2BA3): All versions prior to V5.5.2
- SCALANCE X202-2IRT (6GK5202-2BB10-2BA3): All versions prior to V5.5.2
- SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3): All versions prior to V5.5.2
- SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA...

Siemens in OPC Foundation Local Discovery Server

1. EXECUTIVE SUMMARY

- CVSS v3 7.8
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: OPC Foundation Local Discovery Server
- Vulnerability: Improper Input Validation

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to create a malicious file loaded by OPC Foundation Local Discovery Server (running as a high-privilege user).

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following software from Siemens is affected:

- OpenPCS 7 V9.1: All versions
- SIMATIC NET PC Software V14: All versions
- SIMATIC NET PC Software V15: All versions
- SIMATIC NET PC Software V16: All versions
- SIMATIC NET PC Software V17: All versions
- SIMATIC NET PC Software V18: All versions
- SIMATIC Process Historian OPC UA Server: All versions
- SIMATIC WinCC: All versions prior to V8.0
- SIMATIC WinCC Runtime Professional: All versions
- SIMATIC WinCC Unified PC Runtime: All versions prior to V18.0 UPD 1 SR 1
- TeleControl Server Basic V3: All versions

3.2 VULNERABILITY...

Siemens Path Traversal TIA Portal

1. EXECUTIVE SUMMARY

- CVSS v3 7.3
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: TIA Portal
- Vulnerability: Improper Input Validation

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following software from Siemens is affected:

- TIA Portal V15: All versions
- TIA Portal V16: All versions
- TIA Portal V17: All versions
- TIA Portal V18: All versions prior to v18 Update 1

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER INPUT VALIDATION CWE-20

Affected products contain a path traversal vulnerability that could allow the creation or overwriting of arbitrary files in the engineering system. If the user is tricked into opening a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.

CVE-2023-26293 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS...