InduSoft Web Studio Directory Traversal Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on April 17, 2014, and is now being released to the NCCIC/ICS-CERT web site. ICS-CERT received a report from the Zero Day Initiative (ZDI) concerning a Directory Traversal vulnerability affecting the InduSoft Web Stud...
Sinapsi Devices Vulnerabilities
Overview This advisory is a follow-up to the alert titled ICS-ALERT-12-284-01—Sinapsi eSolar Light Vulnerabilities that was published October 10, 2012. Independent researchers Roberto Paleari and Ivan Speziale identified four vulnerabilities and released proof-of-concept exploit code for the...
ICONICS GENESIS32/BizViz Security Configurator Authentication Bypass Vulnerability
Overview Dr. Wesley McGrew of Mississippi State University has identified an authentication bypass vulnerability leading to privilege escalation in the ICONICS GENESIS32 and BizViz applications, specifically in the Security Configurator component. This vulnerability allows an attacker to bypass...
LOYTEC Electronics LINX Series
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: LOYTEC electronics GmbH Equipment: LINX series Vulnerabilities: Cleartext Transmission of Sensitive Information, Missing Authentication for Critical Function,...
Rockwell Automation FactoryTalk System Services and Policy Manager
1. EXECUTIVE SUMMARY CVSS v4 6.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk System Services and Policy Manager Vulnerabilities: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
Delta Electronics CNCSoft-B
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3...
Rockwell Automation FactoryTalk Linx
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Linx Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to information...
Mitsubishi Electric GT and GOT Series Products
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this...
Siemens SIMATIC MV500 Devices
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC MV500 series devices Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Missing Release of Memory after Effective Lifetime, Injection, Inadequat...
Mitsubishi Electric Multiple Factory Automation Products (Update D)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT2000 compatible HMI software, CC-Link IE TSN Industrial Managed Switch, MELSEC iQ-R Series OPC UA Server Module Vulnerabilities: Infinite Loop, OS Command Injection 2...
Rockwell Automation Studio 5000 Logix Emulate
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Studio 5000 Logix Emulate Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious user to perform remote code execution,...
Siemens SINEC Network Management System Logback Component
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEC NMS Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with write access to the logback configuration file to...
Emerson ROC800, ROC800L and DL8000
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: High attack complexity Vendor: Emerson Equipment: ROC800, ROC800L and DL8000 Vulnerability: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational...
Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote...
Siemens SINUMERIK MC
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SINUMERIK MC Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to escalate privileges to root. 3. TECHNICAL DETAILS...
Siemens Mendix
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Vulnerability: Improper Access Control 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-22-069-13 Siemens Mendix that was published March 10, 2021, to...
Siemens SIMATIC ITC
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC ITC Products Vulnerabilities: Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of these LibVNC vulnerabilities could allow remote code...
Siemens Mendix Studio Pro
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Studio Pro Vulnerabilities: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow authenticated attackers to manipulate the content of specific...
AVEVA PCS Portal
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Platform Common Services (PCS) Portal Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION The DLL hijacking vulnerability in the Platform Common Services (PCS) Portal, if exploited, could allow...
Siemens SIMATIC S7-1200 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1200 Devices Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-222-09 Siemens SIMATIC S7-1200 that was...
Johnson Controls Facility Explorer
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Facility Explorer Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could give an authenticated user an unintended...
Advantech iView
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerabilities: Missing Authentication for Critical Function, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...
Hamilton-T1
1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Low skill level to exploit Vendor: Hamilton Medical AG Equipment: Hamilton-T1 Vulnerabilities: Use of Hard-coded Credentials, Missing XML Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers with physical...
Horner Automation Cscape
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability may allow code execution in the context of the current process. 3. TECHNICAL...
Siemens SIMATIC HMI Comfort Panels & SIMATIC HMI KTP Mobile Panels
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC HMI Comfort Panels, SIMATIC HMI KTP Mobile Panels Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this...
Softing Industrial Automation OPC
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Softing Industrial Automation, GmbH Equipment: OPC Vulnerabilities: Heap-based Buffer Overflow, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Publicly Available Tools Seen in Cyber Incidents Worldwide
Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly available tools, which have been used for malicious purposes in...
Eaton Intelligent Power Manager
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Eaton Equipment: Intelligent Power Manager Vulnerabilities: Improper Input Validation, Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
Siemens SIMATIC S7-300 CPU
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-300 CPU Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed, resulting...
Schneider Electric Serial Modbus Driver Buffer Overflow
OVERVIEW Carsten Eiram of Risk-Based Security has identified a stack-based buffer overflow vulnerability in Schneider Electric’s Serial Modbus Driver that affects 11 Schneider Electric products. Schneider Electric has produced patches that mitigate this vulnerability. This vulnerability can be...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition
1. EXECUTIVE SUMMARY CVSS v3 9.8 Attention: Exploitable remotely/low skill level to exploit. Vendor: Schneider Electric Software, LLC Equipment: InduSoft Web Studio, InTouch Machine Edition Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this...
ICSA-18-081-01 Siemens SIMATIC WinCC OA UI Mobile App
CVSS v3 5.1 ATTENTION: Exploitable from an adjacent network. Vendor: Siemens Equipment: SIMATIC WinCC OA UI mobile app Vulnerability: Improper Access Control AFFECTED PRODUCTS Siemens reports that this vulnerability affects the following products: SIMATIC WinCC OA UI for Android: All versions pri...
Siemens SIMATIC WinCC Add-On (Update A)
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC Add-On Vulnerabilities: Stack-based Buffer Overflow, Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Security Features, Improper...
Schneider Electric Pro-face GP-Pro EX
CVSS v3 7.2 ATTENTION: Public exploits are available. Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of Pro-face GP-Pro EX software, an HMI management platform, are affected: GP Pro EX version...
Schneider Electric Trio TView
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: Trio TView Vulnerabilities: Multiple Vulnerabilities for Java Runtime Environment AFFECTED PRODUCTS The following versions of Schneider Electric Trio TView...
Siemens Desigo PX Web Module Insufficient Entropy Vulnerability
OVERVIEW Siemens has released a firmware update to mitigate an insufficient entropy vulnerability that affects Siemens Desigo PX Web modules. Marcella Hastings, Joshua Fried, and Nadia Heninger from the University of Pennsylvania coordinated this vulnerability directly with Siemens. This...
FATEK Automation Designer Memory Corruption Vulnerabilities
OVERVIEW Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative (ZDI) has identified a heap memory corruption and two stack buffer overflow vulnerabilities in Fatek’s Automation PM and FV Designer applications. Fatek has not produced an update to mitigate these vulnerabilities. ZDI...
Siemens SINEMA Remote Connect Server Cross-site Scripting Vulnerability
OVERVIEW Researchers Antonio Morales Maldonado of INNOTEC SYSTEM, and Alexander Van Maele and Tijl Deneut of Howest have identified a cross-site scripting (XSS) vulnerability in the Siemens SINEMA Remote Connect Server application. Siemens has produced an update to mitigate this vulnerability. This...
Moxa Device Server Web Console Authorization Bypass Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified an authorization bypass vulnerability in Moxa’s Device Server Web Console. Moxa has indicated the NPort 5232-N was discontinued in 2012 and has produced recommendations to mitigate this vulnerability. This vulnerability could be exploited...
Moxa UC 7408-LX-Plus Firmware Overwrite Vulnerability
OVERVIEW NCCIC/ICS-CERT has received information from a third party that identified a firmware overwrite vulnerability in Moxa’s UC 7408-LX-Plus device. Moxa has produced instructions to reduce exposure to this vulnerability. The Moxa UC 7408-LX-Plus device has been discontinued. This vulnerabili...
Siemens Industrial Products DROWN Vulnerability (Update C)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-103-03B Siemens Industrial Products DROWN Vulnerability that was published June 15, 2017, on the NCCIC/ICS-CERT web site. Siemens has found that a DROWNThe DROWN Attack, https://drownattack.com/, web site last...
Software Toolbox Top Server Resource Exhaustion Vulnerability
OVERVIEW Adam Crain of Automatak and Chris Sistrunk of Mandiant have identified a resource exhaustion vulnerability in the Software Toolbox Top Server application. Software Toolbox has produced a new version that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECT...
Pepperl+Fuchs Hart Device DTM Vulnerability
OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager (DTM) library utilized in PEPPERL+FUCHS HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which Pepperl+Fuchs has begun ...
Eaton Cooper Power Series Form 6 Control and Idea/IdeaPlus Relays with Ethernet Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on January 6, 2015, and is now being released to the NCCIC/ICS-CERT web site. Dr. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech Nationa...
Advantech WebAccess Stack-Based Buffer Overflow Vulnerability
OVERVIEW Ivan Sanchez from Nullcode Team has identified a stack-based buffer overflow vulnerability in Advantech’s WebAccess application. Advantech has produced a new version to mitigate this vulnerability. Ivan Sanchez has tested the new version to validate that it resolves the vulnerability...
Siemens SIMATIC WinCC OA Multiple Vulnerabilities
OVERVIEW Researchers Gleb Gritsai, Ilya Karpov, and Kirill Nesterov of Positive Technologies have identified multiple vulnerabilities in the Siemens SIMATIC WinCC Open Architecture (OA) application. Siemens has produced updates that mitigate these vulnerabilities. These vulnerabilities could be...
Siemens SCALANCE X-200 Web Hijack Vulnerability
OVERVIEW Siemens has identified a Web hijack vulnerability in the SCALANCE X-200 switch product family. Researcher Eireann Leverett of IOActive coordinated disclosure of the vulnerability with Siemens. Siemens has produced a firmware update that mitigates this vulnerability. This vulnerability...
GE Proficy HMI/SCADA CIMPLICITY WebView Improper Input Validation
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 19, 2013, and is now being released to the ICS-CERT-Web page. Independent researchers ZombiE and amisto0x07 have identified an improper input validation vulnerability in the GE CIMPLICITY WebView application...
WAGO IO 758 Default Linux Credentials
Overview This advisory updates the ICS-CERT Alert titled “ICS-ALERT-12-097-01 - WAGO IPC Vulnerabilities” that was posted on the ICS-CERT Web site on April 06, 2012. This alert detailed a vulnerability report of “hard-coded” credentials and improper access controls in the WAGO I/O System 758...
Siemens WinCC Multiple Vulnerabilities
Overview Independent researchers Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov from Positive Technologies have identified multiple vulnerabilities in the Siemens WinCC application. In evaluating these reported...