Source
us-cert
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: OPC Foundation Local Discovery Server Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create a malicious file loaded by OPC Foundation Local Discovery Server (running as a high-privilege user). 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: OpenPCS 7 V9.1: All versions SIMATIC NET PC Software V14: All versions SIMATIC NET PC Software V15: All versions SIMATIC NET PC Software V16: All versions SIMATIC NET PC Software V17: All versions SIMATIC NET PC Software V18: All versions SIMATIC Process Historian OPC UA Server: All versions SIMATIC WinCC: All versions prior to V8.0 SIMATIC WinCC Runtime Professional: All versions SIMATIC WinCC Unified PC Runtime: All versions prior to V18.0 UPD 1 SR 1 TeleControl Server Basic V3: All versions 3.2 VULNERABILITY...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/high attack complexity Vendor: Siemens Equipment: Polarion ALM Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to potentially disclose confidential data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens Polarion ALM products are affected: Polarion ALM: all versions prior to V2304.0 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 The application contains an XML external entity injection (XXE) vulnerability. This could allow an attacker t...
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: FANUC Equipment: ROBOGUIDE-HandlingPRO Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read and/or overwrite files on the system running the affected software. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ROBOGUIDE-HandlingPRO, a robot simulation software, are affected: ROBOGUIDE-HandlingPRO: Versions 9 Rev.ZD and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software. CVE-2023-1864 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). 3.3 BACKGROUND CRITIC...
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: JTEKT ELECTRONICS CORPORATION Equipment: Screen Creator Advance 2 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of JTEKT ELECTRONICS Screen Creator Advance 2, a software program, are affected: JTEKT ELECTRONICS Screen Creator Advance 2: Ver0.1.1.4 Build01 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 When an out-of-specification error is detected, an out-of-bounds write may occur because there is no error handling process. CVE-2023-22345 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.2 OUT-OF-BOUNDS READ CWE-125 An out-of-bounds read may occur ...
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Korenix Equipment: Jetwave Vulnerabilities: Command Injection, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the underlying operating system of the device or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Korenix Jetwave are affected: Korenix JetWave4221 HP-E versions V1.3.0 and prior Korenix JetWave 3220/3420 V3 versions prior to V1.7 Korenix JetWave 2212G version V1.3.T Korenix JetWave 2212X/2112S version V1.3.0 Korenix JetWave 2211C versions prior to V1.6 Korenix JetWave 2411/2111 versions prior to V1.5 Korenix JetWave 2411L/2111L versions prior to V1.6 Korenix JetWave 2414/2114 versions prior to V1.4 Korenix JetWave 2424 versions prior to V1.3 Korenix JetWave 2460 versions prior to V1.6 3.2 VULNERABILITY OVERVIE...
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Industrial Control Links Equipment: ScadaFlex II SCADA Controllers Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to overwrite, delete, or create files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Industrial Control Links ScadaFlex II SCADA Controllers are affected: SW: 1.03.07 (build 317), WebLib: 1.24 SW: 1.02.20 (build 286), WebLib: 1.24 SW: 1.02.15 (build 286), WebLib: 1.22 SW: 1.02.01 (build 229), WebLib: 1.16 SW: 1.01.14 (build 172), WebLib: 1.14 SW: 1.01.01 (build 2149), WebLib: 1.13 3.2 VULNERABILITY OVERVIEW 3.2.1 EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73 On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 devices, unauthenticated remote attackers can overwrite, delete, or create files. This allows an atta...
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: mySCADA Technologies Equipment: mySCADA myPRO Vulnerabilities: OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated user to inject arbitrary operating system commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of myPRO HMI/SCADA systems are affected: myPRO: versions 8.26.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 OS COMMAND INJECTION CWE-78 mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. CVE-2023-28400 has been assigned to this vulnerability. A CVSS v3 base score of 9.9 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 3.2.2 OS COMMAND INJECTION CWE-78 mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated use...
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: JTEKT ELECTRONICS CORPORATION Equipment: Kostac PLC Programming Software Vulnerabilities: Out-of-bounds Read, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of JTEKT ELECTRONICS Kostac PLC Programming Software are affected: JTEKT ELECTRONICS Kostac PLC Programming Software: Versions 1.6.9.0 and earlier 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 When a specially crafted project file is opened, out-of-bounds read occurs when processing a comment block in stage information because the end of data cannot be verified. CVE-2023-22419 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.2 OUT-OF-BOUNDS READ CWE-12...
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA System Data Manager SDM600 Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Improper Authorization, Improper Resource Shutdown or Release, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take remote control of the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy’s MicroSCADA SDM600, a data management tool, are affected: SDM600: Versions prior to v1.2 FP3 HF4 (Build Nr. 1.2.23000.291) SDM600: Versions prior to v1.3.0 (Build Nr. 1.3.0.1339) 3.2 VULNERABILITY OVERVIEW 3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434 A vulnerability exists in the affected SDM600 versions file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially cra...
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Nexx Equipment: Garage Door Controller, Smart Plug, Smart Alarm Vulnerabilities: Use of Hard-coded Credentials, Authorization Bypass through User-controlled Key, Improper Input Validation, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to receive sensitive information, execute application programmable interface (API) requests, or hijack devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Nexx Smart Home devices are affected: Nexx Garage Door Controller (NXG-100B, NXG-200): Version nxg200v-p3-4-1 and prior Nexx Smart Plug (NXPG-100W): Version nxpg100cv4-0-0 and prior Nexx Smart Alarm (NXAL-100): Version nxal100v-p1-9-1 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 CVE-2023-1748 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculat...