Source
us-cert
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: APC Easy UPS Online Monitoring Software, Schneider Electric Easy UPS Online Monitoring Software Vulnerabilities: Missing Authentication for Critical Function, Improper Handling of Case Sensitivity 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution, escalation of privileges, or authentication bypass, which then result in malicious web code execution or loss of device functionality. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Easy UPS Online Monitoring Software for Windows 10, 11, Windows Server 2016, 2019, 2022 are affected: APC Easy UPS Online Monitoring Software: Version V2.5-GA-01-22320 and prior Schneider Electric Easy UPS Online Monitoring Software: Version V2.5-GA-01-22320 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 A v...
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: SYSMAC CS/CJ Series Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information in the file system and memory. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Omron CS/CJ series, programmable logic controllers, are affected: SYSMAC CJ2H-CPU6[]-EIP: all versions SYSMAC CJ2H-CPU6[]: all versions SYSMAC CJ2M-CPU[][]: all versions SYSMAC CJ1G-CPU[][]P: all versions SYSMAC CS1H-CPU[][]H: all versions SYSMAC CS1G-CPU[][]H: all versions SYSMAC CS1D-CPU[][]HA: all versions SYSMAC CS1D-CPU[][]H: all versions SYSMAC CS1D-CPU[][]SA: all versions SYSMAC CS1D-CPU[][]S: all versions SYSMAC CS1D-CPU[][]P: all versions 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 Omron CS/CJ series programmable...
1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Adaptec maxView Application Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to decrypt intercepted local traffic between the browser and the application. A local attacker could perform a machine-in-the-middle attack to modify data in transit. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: SIMATIC IPC1047: All versions SIMATIC IPC1047E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows SIMATIC IPC647D: All versions SIMATIC IPC647E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows SIMATIC IPC847D: All versions SIMATIC IPC847E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSURE OF S...
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: TIA Portal Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: TIA Portal V15: All versions TIA Portal V16: All versions TIA Portal V17: All versions TIA Portal V18: All versions prior to v18 Update 1 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 Affected products contain a path traversal vulnerability that could allow the creation or overwriting of arbitrary files in the engineering system. If the user is tricked into opening a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. CVE-2023-26293 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Use After Free, Deadlock, Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0): All versions SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0): All versions SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants): All versions SIMATIC CP 1243-1 IEC (incl. SIPLUS variants): All v...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X-200, X-200IRT, and X-300 Switch Families Vulnerabilities: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to memory corruption. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports these vulnerabilities affect the following SCALANCE Switch Family products: SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3): All versions prior to V5.5.2 SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3): All versions prior to V5.5.2 SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All versions prior to V5.5.2 SCALA...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE XCM332 Vulnerabilities: Allocation of Resources Without Limits or Throttling, Use After Free, Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition'), Incorrect Default Permissions, Out-of-bounds Write, and Improper Validation of Syntactic Correctness of Input 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition, code execution, data injection, and allow unauthorized access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: SCALANCE XCM332 (6GK5332-0GA01-2AC2): Versions prior to 2.2 3.2 VULNERABILITY OVERVIEW 3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770 In versions of libtirpc prior to 1.3.3rc1, remote attackers could exhaust the file descriptors of a process using libtirpc due to mishandling of idle TC...
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT Open and JT Utilities Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens software is affected: JT Open: All versions prior to V11.3.2.0 JT Utilities: All versions prior to V13.3.0.0 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 The affected applications contain an out-of-bounds read vulnerability past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. CVE-2023-29053 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS...
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable with adjacent access Vendor: Siemens Equipment: SCALANCE X-200IRT Devices Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker in a machine-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3): All versions prior to V5.5.2 SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3): All versions prior to V5.5.2 SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All versions prior to V5.5.2 SCALANCE X202-2IRT (6GK5202-2BB00-2BA3): All versions prior to V5.5.2 SCALANCE X202-2IRT (6GK5202-2BB10-2BA3): All versions prior to V5.5.2 SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3): All versions prior to V5.5.2 SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA...
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric India Equipment: GC-ENET-COM Vulnerability: Signal Handler Race Condition 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a communication error and may result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric India Ethernet communication Extension unit GC-ENET-COM, are affected: Mitsubishi Electric India GC-ENET-COM: Models with the beginning serial number 16XXXXXXXXX. 3.2 VULNERABILITY OVERVIEW 3.2.1 SIGNAL HANDLER RACE CONDITION CWE-364 A vulnerability exists in the Ethernet communication Extension unit (GC-ENET-COM) of GOC35 series due to a signal handler race condition. If a malicious attacker sends a large number of specially crafted packets, communication errors could occur and could result in a denial-of-service condition when GC-ENET-COM is configured a...