Source
us-cert
1. EXECUTIVE SUMMARY
CVSS v3 9.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: MicroSCADA System Data Manager SDM600
Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Improper Authorization, Improper Resource Shutdown or Release, Improper Privilege Management

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to take remote control of the product.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Hitachi Energy’s MicroSCADA SDM600, a data management tool, are affected:
SDM600: Versions prior to v1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
SDM600: Versions prior to v1.3.0 (Build Nr. 1.3.0.1339)

3.2 VULNERABILITY OVERVIEW
3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434
A vulnerability exists in the affected SDM600 versions' file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially cra...

1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Nexx
Equipment: Garage Door Controller, Smart Plug, Smart Alarm
Vulnerabilities: Use of Hard-coded Credentials, Authorization Bypass through User-controlled Key, Improper Input Validation, Improper Authentication

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to receive sensitive information, execute application programmable interface (API) requests, or hijack devices.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Nexx Smart Home devices are affected:
Nexx Garage Door Controller (NXG-100B, NXG-200): Version nxg200v-p3-4-1 and prior
Nexx Smart Plug (NXPG-100W): Version nxpg100cv4-0-0 and prior
Nexx Smart Alarm (NXAL-100): Version nxal100v-p1-9-1 and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798
CVE-2023-1748 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculat...

1. EXECUTIVE SUMMARY
CVSS v3 5.9
ATTENTION: Exploitable remotely
Vendor: Hitachi Energy
Equipment: IEC 61850 MMS-Server
Vulnerability: Improper Resource Shutdown or Release

2. RISK EVALUATION
Successful exploitation of this vulnerability could cause products using the IEC 61850 MMS-server communication stack to stop accepting new MMS-client connections.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Hitachi Energy equipment using the IEC 61850 communication stack are affected:
TXpert Hub CoreTec 4 version 2.0.x
TXpert Hub CoreTec 4 version 2.1.x
TXpert Hub CoreTec 4 version 2.2.x
TXpert Hub CoreTec 4 version 2.3.x
TXpert Hub CoreTec 4 version 2.4.x
TXpert Hub CoreTec 4 version 3.0.x
TXpert Hub CoreTec 5 version 3.0.x
Tego1_r15b08 (FOX615 System Release R15B)
Tego1_r2a16_03 (FOX615 System Release R14A)
Tego1_r2a16
Tego1_r1e01
Tego1_r1d02
Tego1_r1c07
Tego1_r1b02
GMS600 version 1.3
Relion 670 1.2 (Limited)
Relion 670 2.0 (Limited)
Relion 650 version 1.1 (Limited)
Relion...

1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: SAUTER
Equipment: EY-modulo 5 Building Automation Stations
Vulnerabilities: Cross-site Scripting, Cleartext Transmission of Sensitive Information, and Unrestricted Upload of File with Dangerous Type

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to privilege escalation, unauthorized execution of actions, a denial-of-service condition, or retrieval of sensitive information.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
SAUTER reports these vulnerabilities affect the following EY-modulo 5 Building Automation Stations:
EY-AS525F001 with moduWeb

3.2 VULNERABILITY OVERVIEW
3.2.1 CROSS-SITE SCRIPTING CWE-79
An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security context. CVE-2023-28650 has been assi...

1. EXECUTIVE SUMMARY
CVSS v3 7.9
ATTENTION: Low attack complexity
Vendor: RoboDK
Equipment: RoboDK
Vulnerability: Incorrect Permission Assignment for Critical Resource

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to escalate privileges, which could allow attackers to write files to the RoboDK directory and achieve code execution.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of RoboDK, a programming and simulation software, are affected:
RoboDK v5.5.3 and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732
RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution. CVE-2023-1516 has been assigned to this vulnerability. A CVSS v3 base score of 7.9 has been calculated; the CVSS vector string is (A...

1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: IGSS (Interactive Graphical SCADA System)
Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, Deserialization of Untrusted Data, Improper Limitation of a Pathname to a Restricted Directory, and Improper Input Validation

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in a denial-of-service condition, as well as the loss, addition, or modification of dashboards or report files in the IGSS Report folder. Successful exploitation of these vulnerabilities could also allow remote code execution, potentially resulting in loss of control of the supervisory control and data acquisition (SCADA) System with IGSS running in production mode.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports these vulnerabilities affect the following Data Server, Dashboard and Cu...

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: CP Plus
Equipment: KVMS Pro
Vulnerability: Insufficiently Protected Credentials

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to retrieve sensitive credentials and control the entire CCTV system.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of CP Plus KVMS Pro, a software management platform, are affected:
KVMS Pro V2.01.0.T.190521 and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected. CVE-2023-1518 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
COUNTRIES/AREAS DEPLOYED: Worldwide ...

1. EXECUTIVE SUMMARY
CVSS v3 6.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: ABB
Equipment: Pulsar Plus Controller
Vulnerabilities: Use of Insufficiently Random Values, Cross-Site Request Forgery (CSRF)

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to take control of the product or execute arbitrary code.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of ABB Pulsar Plus Controller are affected:
ABB Infinity DC Power Plant – H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415
ABB Pulsar Plus System Controller – NE843_S – comcode 150042936

3.2 VULNERABILITY OVERVIEW
3.2.1 CROSS-SITE REQUEST FORGERY (CSRF) CWE-352
There are several fields in the web pages where a user can enter arbitrary text, such as a description of an alarm or a rectifier. These represent a cross site scripting vulnerability where JavaScript code can be entered as the description with the potential of causing...

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: ProPump and Controls, Inc.
Equipment: Osprey Pump Controller
Vulnerabilities: Insufficient Entropy, Use of GET Request Method with Sensitive Query Strings, Use of Hard-coded Password, OS Command Injection, Cross-site Scripting, Authentication Bypass using an Alternate Path or Channel, Cross-Site Request Forgery, Command Injection

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, retrieve sensitive information, modify data, cause a denial-of-service, and/or gain administrative control.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following version of Osprey Pump Controller, pumping systems, and automated controls is affected:
Osprey Pump Controller version 1.01

3.2 VULNERABILITY OVERVIEW
3.2.1 INSUFFICIENT ENTROPY CWE-331
Osprey Pump Controller version 1.01 is vulnerable to a predicta...

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Keysight Technologies
Equipment: N6854A Geolocation Server
Vulnerability: Deserialization of Untrusted Data

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to escalate privileges in the affected device’s default configuration, resulting in remote code execution or deleting system files and folders.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Keysight monitoring products are affected:
N6854A Geolocation Server versions 2.4.2 and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. CVE-2023-1399 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string ...