us-cert

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: IEC 61850 MMS-Server Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could cause products using the IEC 61850 MMS-server communication stack to stop accepting new MMS-client connections. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions Hitachi Energy equipment using the IEC 61850 communication stack are affected: TXpert Hub CoreTec 4 version 2.0.x TXpert Hub CoreTec 4 version 2.1.x TXpert Hub CoreTec 4 version 2.2.x TXpert Hub CoreTec 4 version 2.3.x TXpert Hub CoreTec 4 version 2.4.x TXpert Hub CoreTec 4 version 3.0.x TXpert Hub CoreTec 5 version 3.0.x Tego1_r15b08 (FOX615 System Release R15B) Tego1_r2a16_03 (FOX615 System Release R14A) Tego1_r2a16 Tego1_r1e01 Tego1_r1d02 Tego1_r1c07 Tego1_r1b02 GMS600 version 1.3 Relion 670 1.2 (Limited) Relion 670 2.0 (Limited) Relion 650 version 1.1 (Limited) Relion...

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: SAUTER  Equipment: EY-modulo 5 Building Automation Stations  Vulnerabilities: Cross-site Scripting, Cleartext Transmission of Sensitive Information, and Unrestricted Upload of File with Dangerous Type  2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to privilege escalation, unauthorized execution of actions, a denial-of-service condition, or retrieval of sensitive information.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS SAUTER reports these vulnerabilities affect the following EY-modulo 5 Building Automation Stations:   EY-AS525F001 with moduWeb  3.2 VULNERABILITY OVERVIEW 3.2.1 CROSS-SITE SCRIPTING CWE-79  An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security context.  CVE-2023-28650 has been assi...

1. EXECUTIVE SUMMARY CVSS v3 7.9 ATTENTION: Low attack complexity   Vendor: RoboDK  Equipment: RoboDK  Vulnerability: Incorrect Permission Assignment for Critical Resource  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges, which could allow attackers to write files to the RoboDK directory and achieve code execution.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of RoboDK, a programming and simulation software, are affected:  RoboDK v5.5.3 and prior  3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT PERMISSION ASSIGNMENT OR CRITICAL RESOURCE CWE-732  RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution.   CVE-2023-1516 has been assigned to this vulnerability. A CVSS v3 base score of 7.9 has been calculated; the CVSS vector string is (A...

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Schneider Electric  Equipment: IGSS (Interactive Graphical SCADA System)   Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, Deserialization of Untrusted Data, Improper Limitation of a Pathname to a Restricted Directory, and Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service condition, as well as the loss, addition, or modification of dashboards or report files in the IGSS Report folder. Successful exploitation of these vulnerabilities could also allow remote code execution, potentially resulting in loss of control of the supervisory control and data acquisition (SCADA) System with IGSS running in production mode. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports these vulnerabilities affect the following Data Server, Dashboard and Cu...

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity  Vendor: CP Plus  Equipment: KVMS Pro  Vulnerability: Insufficiently Protected Credentials  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve sensitive credentials and control the entire CCTV system.   3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of CP Plus KVMS Pro, a software management platform, are affected:   KVMS Pro V2.01.0.T.190521 and prior  3.2 VULNERABILITY OVERVIEW 3.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522   CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected.    CVE-2023-1518 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).  3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities  COUNTRIES/AREAS DEPLOYED: Worldwide  ...

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity  Vendor: ABB  Equipment: Pulsar Plus Controller   Vulnerabilities: Use of Insufficiently Random Values, Cross-Site Request Forgery (CSRF)  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take control of the product or execute arbitrary code.   3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ABB Pulsar Plus Controller, are affected:  ABB Infinity DC Power Plant – H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415  ABB Pulsar Plus System Controller – NE843_S – comcode 150042936  3.2 VULNERABILITY OVERVIEW 3.2.1 CROSS-SITE REQUEST FORGERY (CSRF) CWE-352  There are several fields in the web pages where a user can enter arbitrary text, such as a description of an alarm or a rectifier. These represent a cross site scripting vulnerability where JavaScript code can be entered as the description with the potential of causing...

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available  Vendor: ProPump and Controls, Inc.  Equipment: Osprey Pump Controller  Vulnerabilities: Insufficient Entropy, Use of GET Request Method with Sensitive Query Strings, Use of Hard-coded Password, OS Command Injection, Cross-site Scripting, Authentication Bypass using an Alternate Path or Channel, Cross-Site Request Forgery, Command Injection  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, retrieve sensitive information, modify data, cause a denial-of-service, and/or gain administrative control.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Osprey Pump Controller, pumping systems, and automated controls is affected:  Osprey Pump Controller version 1.01  3.2 VULNERABILITY OVERVIEW 3.2.1 INSUFFICIENT ENTROPY CWE-331  Osprey Pump Controller version 1.01 is vulnerable to a predicta...

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Keysight Technologies Equipment: N6854A Geolocation Sever Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges in the affected device’s default configuration, resulting in remote code execution or deleting system files and folders. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Keysight monitoring products are affected: N6854A Geolocation Server versions 2.4.2 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1    DESERIALIZATION OF UNTRUSTED DATA CWE-502 N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. CVE-2023-1399 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens ProductCERT  Equipment: RADIUS client of SIPROTEC 5 devices  Vulnerability: Loop with Unreachable Exit Condition ('Infinite Loop')  2. RISK EVALUATION The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a denial-of-service vulnerability that could be triggered when a specially crafted packet is sent by a RADIUS server.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SIPROTEC 5 6MD85 (CP300) - >= V7.80 = V7.80 = V7.80  SIPROTEC 5 6MU85 (CP300) - >= V7.90 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 =...

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerabilities: Deserialization of Untrusted Data, Improper Access Control, Exposed Dangerous Method or Function, Path Traversal, Improper Authentication, Command Injection, Incorrect Permission Assignment for Critical Resource, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to obtain access to files and credentials, escalate privileges, and remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of InfraSuite Device Master, a real-time device monitoring software, are affected: Versions prior to 1.0.5 3.2 VULNERABILITY OVERVIEW 3.2.1    DESERIALIZATION OF UNTRUSTED DATA CWE-502 Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-stat...