#dos

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens  Equipment: Industrial Products  Vulnerabilities: Use After Free, Deadlock, Allocation of Resources Without Limits or Throttling  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0): All versions  SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0): All versions  SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants): All versions  SIMATIC CP 1243-1 IEC (incl. SIPLUS variants): All v...

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens  Equipment: SCALANCE XCM332  Vulnerabilities: Allocation of Resources Without Limits or Throttling, Use After Free, Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition'), Incorrect Default Permissions, Out-of-bounds Write, and Improper Validation of Syntactic Correctness of Input  2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition, code execution, data injection, and allow unauthorized access.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SCALANCE XCM332 (6GK5332-0GA01-2AC2): Versions prior to 2.2  3.2 VULNERABILITY OVERVIEW 3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770  In versions of libtirpc prior to 1.3.3rc1, remote attackers could exhaust the file descriptors of a process using libtirpc due to mishandling of idle TC...

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Mitsubishi Electric India  Equipment: GC-ENET-COM  Vulnerability: Signal Handler Race Condition   2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a communication error and may result in a denial-of-service condition.   3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric India Ethernet communication Extension unit GC-ENET-COM, are affected:  Mitsubishi Electric India GC-ENET-COM: Models with the beginning serial number 16XXXXXXXXX.  3.2 VULNERABILITY OVERVIEW 3.2.1 SIGNAL HANDLER RACE CONDITION CWE-364  A vulnerability exists in the Ethernet communication Extension unit (GC-ENET-COM) of GOC35 series due to a signal handler race condition. If a malicious attacker sends a large number of specially crafted packets, communication errors could occur and could result in a denial-of-service condition when GC-ENET-COM is configured a...

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens  Equipment: SIPROTEC 5 Devices  Vulnerability: NULL Pointer Dereference  2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition of the target device.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SIPROTEC 5 6MD85 (CP200): All versions (v)  SIPROTEC 5 6MD85 (CP300): All versions prior to v9.40  SIPROTEC 5 6MD86 (CP200): All versions  SIPROTEC 5 6MD86 (CP300): All versions prior to v9.40  SIPROTEC 5 6MD89 (CP300): All versions  SIPROTEC 5 6MU85 (CP300): All versions prior to v9.40  SIPROTEC 5 7KE85 (CP200): All versions  SIPROTEC 5 7KE85 (CP300): All versions prior to v9.40  SIPROTEC 5 7SA82 (CP100): All versions  SIPROTEC 5 7SA82 (CP150): All versions prior to v9.40  SIPROTEC 5 7SA84 (CP200): All versions  SIPROTEC 5 7SA86 (CP200): All versions  SIPROTEC 5 7SA86 (CP300): All versions pr...

OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "safe and secure." To that end, it has partnered with the crowdsourced security platform Bugcrowd for independent researchers to report vulnerabilities discovered in its product in exchange for rewards ranging from "$200 for low-severity findings to up to

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.