Source
us-cert
1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable from adjacent network
Vendor: Sensormatic Electronics, LLC, an affiliate of Johnson Controls Inc.
Equipment: Kantech Gen1 ioSmart card reader
Vulnerability: Missing Release of Memory after Effective Lifetime

2. RISK EVALUATION
An attacker with physical access to the Kantech Gen1 ioSmart card reader in certain circumstances can recover the reader's communication memory between the card and reader.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Kantech Gen1 ioSmart card reader are affected:
Kantech Gen1 ioSmart card reader: firmware versions prior to 1.7.2

3.2 Vulnerability Overview
3.2.1 MISSING RELEASE OF MEMORY AFTER EFFECTIVE LIFETIME CWE-401
Kantech Gen1 ioSmart card readers with firmware versions prior to 1.7.2 do not properly release memory after its effective lifetime. An attacker with physical access to the Kantech Gen1 ioSmart card reader in certain circumstances can recover the reader's com...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIMATIC and SIPLUS products
Vulnerabilities: Uncontrolled Recursion, Buffer Access with Incorrect Length Value

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthorized attacker with network access to the web server to perform a denial-of-service attack.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products of Siemens are affected:
SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0): All versions
SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0): All versions
SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES74...

1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION:
Vendor: Schneider Electric
Equipment: Easy UPS Online Monitoring Software
Vulnerability: Path Traversal

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow elevation of privileges which could result in arbitrary file deletion with system privileges.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following versions of Easy UPS Online Monitoring Software are affected:
Easy UPS Online Monitoring Software (Windows 10, 11, Windows

3.2 Vulnerability Overview
3.2.1 Path Traversal CWE-22
A path traversal vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. CVE-2023-6407 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).

3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Multiple
COUNTRIES/AREAS DEPLOY...

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Johnson Controls
Equipment: Metasys and Facility Explorer
Vulnerability: Uncontrolled Resource Consumption

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service by sending invalid credentials.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Johnson Controls Metasys and Facility Explorer are affected:
Metasys NAE55 engines: Versions prior to 12.0.4
Metasys SNE engines: Versions prior to 12.0.4
Metasys SNC engines: Versions prior to 12.0.4
Facility Explorer F4-SNC: Versions prior to 11.0.6
Facility Explorer F4-SNC: Versions prior to 12.0.4

3.2 Vulnerability Overview
3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys and Facility Explorer products to cause denial-of-service. CVE-...

1. EXECUTIVE SUMMARY
CVSS v3 5.3
Vendor: Mitsubishi Electric
Equipment: MELIPC, MELSEC iQ-R, and MELSEC Q Series
Vulnerabilities: Processor Optimization Removal or Modification of Security-Critical Code, Observable Discrepancy

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a malicious attacker to disclose information in the affected products.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Mitsubishi Electric reports the following versions of FA Engineering Software Products are affected. For the correspondence table of the affected products and each vulnerability, refer to Mitsubishi Electric's security bulletin.
MELIPC MI5122-VW: All Versions
MELIPC MI2012-W: All Versions
MELIPC MI1002-W: All Versions
MELIPC MI3321G-W: All Versions
MELIPC MI3315G-W: All Versions
MELSEC iQ-R R102WCPU-W: All Versions
MELSEC Q Q24DHCCPU-V: All Versions
MELSEC Q Q24DHCCPU-VG: All Versions
MELSEC Q Q24DHCCPU-LS: All Versions
MELSEC Q Q26DHCCPU-LS: All Versions

3.2 Vu...

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: ControlByWeb
Equipment: X-332 and X-301
Vulnerability: Cross-Site Scripting

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated attacker to run malicious code during a user's session.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of ControlByWeb Relay are affected:
X-332-24I: Firmware 1.06
X-301-I: Firmware 1.15
X-301-24I: Firmware 1.15

3.2 Vulnerability Overview
3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious JavaScript code during a user's session. CVE-2023-6333 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated...

1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Sierra Wireless
Equipment: AirLink
Vulnerabilities: Infinite Loop, NULL Pointer Dereference, Cross-site Scripting, Reachable Assertion, Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution to take full control of the device, steal credentials through a cross site scripting attack, or crash the device being accessed through a denial-of-service attack.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Sierra Wireless AirLink router with ALEOS firmware are affected:
AirLink ALEOS firmware: All versions prior to 4.9.9
AirLink ALEOS firmware: All versions prior to 4.17.0

3.2 Vulnerability Overview
3.2.1 LOOP WITH UNREACHABLE EXIT CONDITION ('INFINITE LOOP') CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability...

1. EXECUTIVE SUMMARY
CVSS v3 4.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schweitzer Engineering Laboratories
Equipment: SEL-411L
Vulnerability: Improper Restriction of Rendered UI Layers or Frames

2. RISK EVALUATION
Successful exploitation of this vulnerability could expose authorized users to clickjacking attacks.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of the Schweitzer Engineering Laboratories SEL-411L are affected:
R118: V0 - V4
R119: V0 - V5
R120: V0 - V6
R121: V0 - V3
R122: V0 - V3
R123: V0 - V3
R124: V0 - V3
R125: V0 - V3
R126: V0 - V4
R127: V0 - V2
R128: V0 - V1
R129: V0 - V1

3.2 Vulnerability Overview
3.2.1 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking-based attacks against an authenticated and authorized user. CVE-2023-2265 has been a...

1. EXECUTIVE SUMMARY
CVSS v3 5.4
ATTENTION: Exploitable with adjacent access/low attack complexity
Vendor: Zebra Technologies
Equipment: ZTC Industrial ZT410, ZTC Desktop GK420d
Vulnerability: Authentication Bypass Using an Alternate Path or Channel

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to send specially crafted packets to change credentials without any prior authentication.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Zebra ZTC industrial and desktop printers are affected:
ZTC Industrial ZT410: All versions
ZTC Desktop GK420d: All versions

3.2 Vulnerability Overview
3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288
A vulnerability of authentication bypass has been found in Zebra Technologies ZTC Industrial ZT410 and ZTC Desktop GK420d. This vulnerability allows an attacker that is in the same network as the printer to change the username and password for the web page by sending a ...