us-cert

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: APOGEE PXC and TALON TC Series Vulnerability: Expected Behavior Violation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a partial denial of service and reduce network availability. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Siemens APOGEE PXC+TALON TC Series: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPECTED BEHAVIOR VIOLATION CWE-440 The affected devices start sending unsolicited BACnet broadcast messages after processing a specific ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIRIUS 3RK3 Modular Safety System (MSS), SIRIUS Safety Relays 3SK2 Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Missing Encryption of Sensitive Data, Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve and de-obfuscate safety password, eavesdrop connections, or retrieve sensitive information from certain data records. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIRIUS 3RK3 ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: SCALANCE LPE9403 Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Path Traversal: '.../...//', Use of Uninitialized Variable, NULL Pointer Dereference, Out-of-bounds Read, Stack-based Buffer Overflow, Authentication Bypass Using an Alternate Path or Channel, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could affect the confidentiality, integrity, and availabil...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: User Management Component (UMC) Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIMATIC PCS neo V4.1: All versions Siemens SIMATIC PCS neo V5.0: All versions Siemens SINEC NMS: All versions Siemens SINEMA Remote Connect: All versions Siemens Totally Integrated Automation Portal (TIA Port...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: ECOVACS Equipment: DEEBOT Vacuum and Base Station Vulnerabilities: Use of Hard-coded Cryptographic Key, Download of Code Without Integrity Check 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to send malicious updates to the devices or execute code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ECOVACS reports the following DEEBOT vacuum and base station devices are affected: X1S PRO: Versions prior to 2.5.38 X1 PRO OMNI: Versions prior to 2.5.38 X1 OMNI: Versions prior to 2.4.45 X1 TURBO: Versions prior to 2.4.45 T10 Series: Versions prior to 1.11.0 T20 Series: Versions prior to 1.25.0 T30 Series: Versions prior to 1.100.0 3.2 VULNERABILITY OVERVIEW 3.2.1 Use of Hard-coded Cryptographic Key CWE-321 ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK. The key can be easily derived f...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 2.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix OIDC SSO Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify the system and gain administrator read/write privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Siemens Mendix OIDC SSO (Mendix 9 compatible): All versions Siemens Mendix OIDC SSO (Mendix 10 compatible): All versions before V4.0.0 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT PRIVILEGE ASSIGNMENT CWE-266 The Mendix OIDC SSO module grants read and write access to all...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: ABB Equipment: Automation Builder Vulnerabilities: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to overrule the Automation Builder's user management. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Automation Builder are affected: Automation Builder: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 The affected products store all user management information in the project file. Despite the password data being fully encrypted, an attacker could try to modify parts of the Automation Builder project file by specially crafting contents so the user management will be overruled. CVE-2025-3394 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MACH GWS products Vulnerabilities: Improper Neutralization of Special Elements in Data Query Logic, Improper Limitation of a Pathname to a Restricted Directory, Authentication Bypass by Capture-replay, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to inject code, read or modify files, hijack user sessions, or access exposed ports without authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy products are affected: MACH GWS: Version 2.1.0.0 (CVE-2024-4872, CVE-2024-3980) MACH GWS: Versions 2.2.0.0 to 2.4.0.0 (CVE-2024-4872, CVE-2024-3980) MACH GWS: Versions 3.0.0.0 to 3.3.0.0 (CVE-2024-4872, CVE-2024-3980, CVE-2024-3982) MACH GWS: Versions 3.1.0.0 to 3.3.0.0 (CVE-2024-7940) 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Service Suite Vulnerabilities: Use of Less Trusted Source, Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), Integer Overflow or Wraparound, Out-of-bounds Write, Allocation of Resources Without Limits or Throttling, Exposure of Sensitive Information to an Unauthorized Actor, Memory Allocation with Excessive Size Value, Out-of-bounds Read, Uncontrolled Resource Consumption, Improper Resource Shutdown or Release, Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to compromise the confidentiality, integrity, or availability of affected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports the following products are affected: Service Suite: Versions 9.8.1.3 and prior 3.2 VULN...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650/SAM600-IO Series Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION Successful exploitation of this vulnerability can allow an attacker to reboot the device and cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports the following products are affected: Relion 670/650/SAM600-IO series: Versions 2.2.2.0 up to but not including 2.2.2.6 Relion 670/650/SAM600-IO series: Versions 2.2.3.0 up to but not including 2.2.3.7 Relion 670/650/SAM600-IO series: Versions 2.2.4.0 up to but not including 2.2.4.4 Relion 670/650/SAM600-IO series: Versions 2.2.5.6 up to but not including 2.2.5.6 Relion 670/650/SAM600-IO series: 2.2.0.x Relion 670/650/SAM600-IO series: 2.2.1.x 3.2 VULNERABILITY OVERVIEW 3.2.1 BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-12...