Source
us-cert
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-F Series Vulnerability: Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to login to the product by sending specially crafted packets. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports this vulnerability affects the following MELSEC-F Series products if they are used with ethernet communication special adapter FX3U-ENET-ADP or ethernet communication block FX3U-ENET(-L). These products are sold in limited regions: FX3U-xMy/z x=16,32,48,64,80,128, y=T,R, z=ES,ESS,DS,DSS *1: All versions FX3U-32MR/UA1, FX3U-64MR/UA1 *1: All versions FX3U-32MS/ES, FX3U-64MS/ES *1: All versions FX3U-xMy/ES-A x=16,32,48,64,80,128, y=T,R *1*2: All versions FX3UC-xMT/z x=16,32,64,96, z=D,DSS *1: All versions FX3UC-16MR/D-T, FX3UC-16MR/DS-T *1: All versions FX3UC-32MT...
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerabilities: Improper Access Control, Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges or remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta Electronics products are affected: InfraSuite Device Master: Versions prior to 1.0.7 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER ACCESS CONTROL CWE-284 An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. CVE-2023-34316 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.2 IMPROPER ACCESS CONTROL CWE-284 Delta Electronics In...
1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: High attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN, UNEM Products Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could permit an attacker to access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of FOXMAN-UN and UNEM, network management system toolsets, are affected: FOXMAN-UN: Version R16A FOXMAN-UN: Version R15B FOXMAN-UN: Version R15A UNEM: Version R16A UNEM: Version R15B UNEM: Version R15A The following version and sub-versions of FOXMAN-UN and UNEM, network management system toolsets, are affected: FOXMAN-UN: Version R14B FOXMAN-UN: Version R14A FOXMAN-UN: Version R11B FOXMAN-UN: Version R11A FOXMAN-UN: Version R10C FOXMAN-UN: Version R9C UNEM: Version R14B UNEM: Version R14A UNEM: Version R11B UNEM: Version R11A UNEM: Version R10C UNEM: Version R9C 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER OUTPUT ...
1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: SpiderControl Equipment: SCADAWebServer Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SCADAWebServer are affected: SCADAWebServer: Versions 2.08 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. CVE-2023-3329 has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vecto...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerability: Hard Coded Password, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to authenticate as a valid user or access files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Advantech reports these vulnerabilities affect the following R-SeeNet monitoring application: R-SeeNet: versions 2.4.22 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Advantech R-SeeNet is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. CVE-2023-2611 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.2 EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73 ...
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Enphase Installer Toolkit Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow sensitive information to be obtained by an attacker using hard-coded credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Enphase Installer Toolkit, a software application, is affected: Installer Toolkit: 3.27.0 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Enphase Installer Toolkit versions 3.27.0 and prior have hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information. CVE-2023-32274 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Ener...
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Envoy Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain root access to the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Enphase Envoy, an energy monitoring device, is affected: Envoy: D7.0.88 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 Enphase Envoy versions D7.0.88 and prior are vulnerable to a command injection exploit that may allow an attacker to execute root commands. CVE-2023-33869 has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: United ...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Untrusted Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain remote file system access and achieve remote command execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Advantech WebAccess/SCADA, a browser-based SCADA software package, are affected: WebAccess/SCADA: All versions prior to 9.1.4 3.2 VULNERABILITY OVERVIEW 3.2.1 UNTRUSTED POINTER DEREFERENCE CWE-822 All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files. CVE-2023-1437 has been assigned to this vulnerability. A CVS...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 3.9 ATTENTION: Exploitable from an adjacent network Vendor: Siemens Equipment: SIMATIC Products Vulnerability: Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain unauthorized access to product control and data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: SIMATIC NET PC Software V14: All versions SIMATIC NET PC Software V15: All versions SIMATIC PCS 7 V8.2: All versions SIMATIC PCS 7 V9.0: All versions SIMATIC PCS 7 V9.1: All versions SIMATIC WinCC: All versions prior to V8.0 SINAUT Software ST7sc: All versions 3.2 VULNERABILITY ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: POWER METER SICAM Q200 family Vulnerabilities: Session Fixation, Improper Input Validation, Cross-Site Request Forgery, Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to remote code execution or denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports these vulnerabilities were identified in the webserver of the following Q200 devices: POWER METER SICAM Q200 family: versions prior to V2.70 3.2 VULNERABILITY OVERVIEW 3.2.1 SESSION FIXATION CWE-384 ...