#web

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINUMERIK MC, SINUMERIK ONE Vulnerability: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SINUMERIK MC: All versions prior to V1.22 SINUMERIK ONE: All versions prior to V6.22 3.2 Vulnerability Overview 3.2.1 INTEGER OVERFLOW OR WRAPAROUND CWE-190 The OPC UA implementations (ANSI C and C++...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: LOGO! and SIPLUS LOGO! Products Vulnerability: Improper Protection against Electromagnetic Fault Injection (EM-FI) 2. RISK EVALUATION Successful exploitation of this vulnerability could cause an electromagnetic fault injection, which would allow an attacker to dump and debug the firmware including memory manipulation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: LOGO! 12/24RCE (6ED1052-1MD08-0BA1): Versions v8.3 and prior LOGO! 12/24RCEo (6ED1052-2MD08-0BA1): Versions v8.3 and prior LOGO! 24CE (6ED1052-1CC08-0BA1): Versions v8.3 ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC STEP 7 (TIA Portal) Vulnerability: Cleartext Storage of Sensitive Information in Memory 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens product is affected: SIMATIC STEP 7 (TIA Portal): All versions prior to V19 3.2 Vulnerability Overview 3.2.1 CLEARTEXT STORAGE OF SENSITIVE INFORMATI...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC and SIPLUS products Vulnerabilities: Uncontrolled Recursion, Buffer Access with Incorrect Length Value 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthorized attacker with network access to the web server to perform a denial-of-service attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0): All versions SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0): All versions SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES74...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable from adjacent network Vendor: Sensormatic Electronics, LLC, an affiliate of Johnson Controls Inc. Equipment: Kantech Gen1 ioSmart card reader Vulnerability: Missing Release of Memory after Effective Lifetime 2. RISK EVALUATION An attacker with physical access to the Kantech Gen1 ioSmart card reader in certain circumstances can recover the reader's communication memory between the card and reader. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Kantech Gen1 ioSmart card reader are affected: Kantech Gen1 ioSmart card reader: firmware versions prior to 1.7.2 3.2 Vulnerability Overview 3.2.1 MISSING RELEASE OF MEMORY AFTER EFFECTIVE LIFETIME CWE-401 Kantech Gen1 ioSmart card readers with firmware versions prior to 1.7.2 do not properly release memory after its effective lifetime. An attacker with physical access to the Kantech Gen1 ioSmart card reader in certain circumstances can recover the reader's com...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Cambium Equipment: ePMP Force 300-25 Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution on the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Cambium ePMP Force 300-25 radio are affected: ePMP Force 300-25: version 4.7.0.1 3.2 Vulnerability Overview 3.2.1 IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94 Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. CVE-2023-6691 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Communications COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Missing Encryption of Sensitive Data, Cross-site Scripting, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Improper Input Validation, Out-of-bounds Write, Out-of-bounds Read, Infinite Loop, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Allocation of Resources Without Limits or ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINUMERIK MC, SINUMERIK ONE Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: SINUMERIK MC: All versions SINUMERIK ONE: All versions 3.2 Vulnerability Overview 3.2.1 USE AFTER FREE CWE-416 Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial-of-service condition. A restart is needed to...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE M-800/S615 Family Vulnerabilities: Improper Validation of Specified Quantity in Input, Use of Hard-coded Cryptographic Key, Use of Weak Hash, Forced Browsing, Uncontrolled Resource Consumption, Unchecked Return Value, Injection, Unsynchronized Access to Shared Data in a Multithreaded Context, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to inject code or spawn a system root shell. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: RUGGEDCO...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerabilities: Improper Certificate Validation, Improper Input Validation, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Unexpected Status Code or Return Value, Missing Report of Error Condition, Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition, intercept credentials, or escalate privileges on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The foll...