Schneider Electric OPC Factory Server Buffer Overflow

OVERVIEW Researcher Wei Gao, formerly of IXIA, has identified a buffer overflow vulnerability in the Schneider Electric OPC Factory Server OFS application. Schneider Electric has produced a patch that mitigates this vulnerability. Wei Gao has tested the patch to validate that it resolves the...

Sixnet Universal Protocol Undocumented Function Codes (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-231-01A Sixnet Universal Protocol Undocumented Function Codes that was published August 26, 2013, on the ICS-CERT Web page. --------- Begin Update B Part 1 of 1 -------- Researchers Kyle Stone and Mehdi Sabraoui...

WellinTech KingView DLL Hijack Vulnerability

Overview Independent researcher Carlos Mario Peñagos Hollman identified a DLL Hijack vulnerability in WellinTech’s KingView application. WellinTech has created a patch that resolves the vulnerability. Mr. Hollman has tested the patch and verified that it resolves the vulnerability. Affected...

Siemens Teamcenter Visualization and Tecnomatix

SUMMARY Siemens Teamcenter Visualization and Tecnomatrix Plant Simulation contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the...

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update E)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION : Exploitable remotely Vendor : ICONICS, Mitsubishi Electric Equipment : ICONICS Product Suite Vulnerabilities : Allocation of Resources Without Limits or Throttling, Improper Neutralization, Uncontrolled Search Path Element, Improper...

Schweitzer Engineering Laboratories SEL 700 series relays

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schweitzer Engineering Laboratories Equipment : SEL 700 series relays Vulnerability : Inclusion of Undocumented Features 2. RISK EVALUATION Successful exploitation of this vulnerability...

Rockwell Automation FactoryTalk View ME

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View ME Vulnerability : Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the loss of view or...

Rockwell Automation PowerFlex 527

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : PowerFlex 527 Vulnerabilities : Improper Input Validation, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this these...

Schweitzer Engineering Laboratories SEL-411L

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schweitzer Engineering Laboratories Equipment : SEL-411L Vulnerability : Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of this vulnerability...

Siemens Tecnomatix Plant Simulation

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Suprema BioStar 2

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Suprema Inc. Equipment : BioStar 2 Vulnerability : SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Walchem Intuition 9

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Walchem Equipment: Intuition 9 Vulnerabilities: Missing Authentication for Critical Function, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

Keysight N6845A Geolocation Server

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Keysight Technologies ​Equipment: N6854A Geolocation Server ​Vulnerabilities: Exposed Dangerous Method or Function, Relative Path Traversal 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow...

Siemens SIMATIC CN 4100

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CN 4100 Vulnerabilities: Improper Access Control, Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...

Rockwell Automation ThinManager

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerabilities: Path Traversal, Heap-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

Siemens Polarion ALM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

GE CIMPLICITY

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: GE Equipment: CIMPLICITY Vulnerabilities: Access of Uninitialized Pointer, Heap-based Buffer Overflow, Untrusted Pointer Dereference, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

Rockwell Automation Stratix Devices Containing Cisco IOS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Stratix Devices Vulnerabilities: Incorrect Authorization, Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Interpretation Conflict, OS...

HIWIN Robot System Software (HRSS)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: HIWIN Equipment: HIWIN Robot System Software HRSS Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a...

Hitachi Energy Modular Switchgear Monitoring (MSM)

1. EXECUTIVE SUMMARY CVSS v3 5.0 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: Modular Switchgear Monitoring MSM Vulnerabilities: Cross-Site Request Forgery CSRF, HTTP Response Splitting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

Protecting Against Cyber Threats to Managed Service Providers and their Customers

Summary Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently...

BD Viper LT

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company BD Equipment: Viper LT Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access, modify, or delete...

IDEC PLCs

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: IDEC Equipment: PLCs Programmable Logic Controllers Vulnerabilities: Unprotected Transport of Credentials, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these...

Johnson Controls CEM Systems AC2000

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Controlled Electronic Management Systems, Ltd., a subsidiary of Johnson Controls, Inc. Equipment: CEM Systems AC2000 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could...

WECON PLC Editor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: WECON Equipment: PLC Editor Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1...

Siemens Mendix

1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Use of Web Browser Cache Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to read cached documents by...

Siemens RWG Universal Controllers

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Low attack complexity Vendor : Siemens Equipment : RWG Universal Controllers Vulnerability : Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a...

Siemens OpenSSL Vulnerabilities in Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Mitsubishi Electric Air Conditioning Systems

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple Air Conditioning Systems Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability may...

FATEK Automation FvDesigner

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: FATEK Automation Equipment: FvDesigner Vulnerabilities: Use After Free, Access of Uninitialized Pointer, Stack-based Buffer Overflow, Out-of-Bounds Write, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation...

Philips SureSigns VS4

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely Vendor : Philips Equipment : SureSigns VS4 Vulnerabilities : Improper Input Validation, Improper Access Control, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker...

Philips Ultrasound Systems

1. EXECUTIVE SUMMARY CVSS v3 3.6 Vendor: Philips Equipment : Ultrasound ClearVue, Ultrasound CX, Ultrasound EPIQ/Affiniti, Ultrasound Sparq, Ultrasound Xperius Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability...

Siemens SCALANCE Privilege Escalation Vulnerabilities (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely; low skill level to exploit Vendor: Siemens Equipment: SCALANCE X-200 switch family and SCALANCE X-200IRT switch family Vulnerabilities: Privilege Escalation, Improper Authentication 2. UPDATE INFORMATION This updated advisory is a...

Fujifilm FCR Capsula X/Carbon X

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Fujifilm Equipment: FCR Capsula X/Carbon X Vulnerabilities: Uncontrolled Resource Consumption, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

Dräger Infinity Delta

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Dräger Equipment: Infinity Delta Vulnerabilities: Improper Input Validation, Information Exposure Through Log Files, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers

1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: 9790 CareLink Programmer, 2090 CareLink Programmer, 29901 Encore Programmer Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION As part of the intended functionality of this...

Rockwell Automation Arena

1. EXECUTIVE SUMMARY CVSS v3 5.5 Vendor : Rockwell Automation Equipment : Arena Vulnerability : Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the software application to crash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of...

Delta Electronics PMSoft

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Low skill level to exploit. Vendor : Delta Electronics Equipment : PMSoft Vulnerabilities : Multiple Stack-Based Buffer Overflow vulnerabilities 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause the application to crash;...

Siemens LOGO! (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! Vulnerabilities: Insufficiently Protected Credentials, Man-in-the-Middle 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

OSIsoft PI Integrator

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft Equipment: PI Integrator Vulnerabilities: Cross-Site Scripting, Improper Authorization AFFECTED PRODUCTS The following versions of PI Integrator, a data management platform, are affected: PI Integrator for SAP...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update G)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

Certec EDV GmbH atvise scada (Update A)

CVSS v3 6.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Certec EDV GmbH Equipment: atvise scada Vulnerabilities: Cross-Site Scripting, Header Injection UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-096-01 Certec EDV GmbH...

AMX Multiple Products Credential Management Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-049-02 AMX Multiple Products Credential Management Vulnerabilities that was published February 18, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- ICS-CERT has become aware of...

Moxa NPort Device Vulnerabilities

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-02 Moxa NPort Device Vulnerabilities that was published December 1, 2016, on the NCCIC/ICS-CERT web site. Security researchers Reid Wightman of RevICS Security, Mikael Vingaard, and Maxim Rupp have identifie...

Emerson DeltaV Wireless I/O Card Open SSH Port Vulnerability

OVERVIEW Emerson has identified an open SSH port vulnerability in the DeltaV Wireless I/O Card. Emerson has produced a firmware patch that disables the SSH port. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Emerson reports that the vulnerability affects the following products...

Exemys Web Server Bypass Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified a login bypass in the Exemys Telemetry Web Server. Exemys has not produced a patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following Exemys product is affected: Exemys Telemetry...

Trihedral Engineering Limited VTScada Integer Overflow Vulnerability

OVERVIEW An anonymous researcher working with HP’s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd’s VTScada application. Trihedral Engineering Limited has produced a patch that mitigates this vulnerability. This vulnerability could be exploited...

Sensys Networks Traffic Sensor Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-247-01A Sensys Networks traffic sensor vulnerabilities that was published September 04, 2014, on the NCCIC/ICS-CERT web site. Researcher Cesar Cerrudo of IOActive has identified vulnerabilities in the Sensys...

Emerson DeltaV Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on May 13, 2014, and is being released to the NCCIC/ICS-CERT web site. Emerson has identified two authorization vulnerabilities in the Emerson DeltaV application. These vulnerabilities were reported directly to...

Invensys Wonderware Win-XML Exporter Improper Input Validation Vulnerability

Overview This advisory was originally posted to the US-CERT secure Portal library on March 08, 2013, and is now being released to the ICS-CERT Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware Win-XML Exporter. Researchers Timur Yunusov,...