OmniMetrix OmniView Vulnerabilities

OVERVIEW Bill Voltmer of Elation Technologies LLC has identified vulnerabilities in OmniMetrix’s OmniView web application. OmniMetrix has produced a new software version for its web interface that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCT...

Moxa DACenter Vulnerabilities

OVERVIEW Independent researcher Zhou Yu has identified denial-of-service and unquoted service path privilege escalation vulnerabilities in Moxa’s DACenter application. Moxa has produced a patch to mitigate these vulnerabilities. Zhou Yu has tested the patch to validate that it resolves the...

Kabona AB WDC Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-17-287-07 Kabona AB WDC Vulnerabilities that was published October 13, 2016, on the NCCIC/ICS-CERT web site. Martin Jartelius and John Stock of Outpost 24 have identified vulnerabilities in Kabona AB’s...

Eaton ELCSoft Programming Software Memory Vulnerabilities

OVERVIEW Ariele Calgaviano working with Zero Day Initiative has identified a heap-based memory corruption vulnerability and a stack buffer overflow vulnerability in Eaton’s ELCSoft programming software. Eaton has released a revision to mitigate these vulnerabilities. These vulnerabilities could b...

Sixnet BT Series Hard-coded Credentials Vulnerability

OVERVIEW Independent researcher Neil Smith has identified a hard-coded credential vulnerability in Sixnet’s BT series routers. Sixnet has produced patches and new firmware to mitigate this vulnerability. This vulnerability could be exploited remotely. Exploits that target this vulnerability are...

Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities

OVERVIEW Gleb Gritsai, Ilya Karpov, and Kirill Nesterov of Positive Technologies Security Lab and independent researcher Alisa Esage Shevchenko have identified vulnerabilities in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014. Schneider Electric has released new patch...

Schneider Electric Pelco DS-NVs Buffer Overflow Vulnerability

OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative ZDI concerning a buffer overflow vulnerability in Schneider Electric’s Pelco DS-NVs software package. This vulnerability was reported to ZDI by security researchers Ariele Caltabiano and Andrea Micalizzi. Schneider Electric h...

XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability (Update C)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-342-01B XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability that was published March 21, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update C Part 1 of 2 -------- Independent researchers Karn...

GE Multilink Switch Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-013-04 GE MultiLink Switch Vulnerabilities that was published January 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Eireann Leverett of IOActive has identified three...

Pacom 1000 CCU GMS System Cryptographic Implementation Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 3, 2015, and is being released to the ICS-CERT web site. Swedish companies XPD and Assured found several crypto implementation flaws in the Pacom GMS system. Pacom has not produced a patch to mitigate...

Moxa Industrial Managed Switch Vulnerabilities

OVERVIEW Erwin Paternotte of Applied RiskApplied Risk Security Advisory AR2015001, Multiple Vulnerabilities in Moxa industrial manages switches, http://applied-risk.com/application/files/3414/4060/7148/AdvisoryMoxaMultipleVulnerabilities.pdf, web site last accessed September 3, 2015. has identifi...

Schneider Electric IMT25 DTM Vulnerability

OVERVIEW Alexander Bolshev, Gleb Cherbov, and Svetlana Cherkasova of Digital Security have identified a memory corruption vulnerability in Schneider Electric IMT25 DTM component. Schneider Electric has produced a patch that mitigates this vulnerability. Digital Security has tested this patch to...

Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Password Storage Vulnerability

OVERVIEW Gleb Gritsai, Alisa Esage Shevchenko, Ilya Karpov, and the team from Positive Technologies Security have found sensitive information stored in clear text in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 products. Schneider Electric has released new patches t...

XZERES 442SR Wind Turbine CSRF Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified a cross-site request forgery CSRF vulnerability in XZERES’s 442SR turbine generator operating system OS. XZERES has produced a patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...

Schneider Electric Authenticated Communication Risk Vulnerability

OVERVIEW ICS-CERT received a report from Schneider Electric concerning an Authenticated Communication Risk vulnerability in the Schneider Electric Software Update SESU utility. This vulnerability was reported to Schneider Electric by security researcher Arthur Gervais. The SESU is a centralized...

Kepware Technologies Improper Input Validation Vulnerability

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified a improper input validation vulnerability in the Kepware Technologies’ DNP Master Driver for the KEPServerEX Communications Platform. Kepware Technologies has produced a new version that mitigates this...

Schweitzer Engineering Laboratories Improper Input Validation

Overview Adam Crain of Automatak and independent researcher Chris Sistrunk have identified improper DNP3 input validation in Schweitzer Engineering Laboratories’ real-time automation controllers RTAC. Schweitzer Engineering Laboratories SEL has produced updated firmware that mitigates this...

IOServer DNP3 Improper Input Validation

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified improper input validation in IOServer’s DNP3 driver software. IOServer has produced an updated software version that mitigates this vulnerability. Adam Crain and Chris Sistrunk updated and tested this versi...

Korenix Jetport 5600 Series Hard-coded Credentials

Overview This advisory provides mitigation details for a vulnerability that impacts the Korenix JetPort 5600. Independent researcher Reid Wightman of Digital Bond identified undocumented hard-coded root credentials in the firmware of the Korenix JetPort 5600 system application without coordinatio...

ORing Industrial Networking IDS-5042/5042+ Hard-Coded Credential Vulnerability

Overview Independent researcher Reid Wightman of Digital BondKorenix and ORing Use Crypto, http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity/, Web site last accessed September 19, 2012. identified hard-coded credentials in the operating system of the ORing Industrial DIN-Rail...

Siemens S7-1200 Insecure Storage of HTTPS CA Certificate

Overview Siemens has reportedSSA-240718, http://www.siemens.com/corporate-technology/en/research-areas/siemens-cert-security-advisories.htm, Web site last accessed September 19, 2012 an insecure HTTPS certificate storage vulnerability in Siemens’ S7-1200 v2.x. Siemens has provided guidance to...

Siemens COMOS Database Privilege Escalation Vulnerability

Overview Siemens has reported a privilege escalation vulnerability in the Siemens COMOS database application. Siemens has produced an update that fixes this vulnerability. This vulnerability could be exploited remotely. Affected Products Siemens reports that the vulnerability affects the followin...

ScadaTEC ScadaPhone & Modbus TagServer Buffer Overflow Vulnerability

OVERVIEW This advisory is a follow-up to the ICS-CERT alert titled ICS-ALERT-11-255-01—ScadaTEC ScadaPhone/ModbusTagServer Buffer Overflow, which was published September 12, 2011, on the ICS‑CERT Web page. On September 12, 2011, independent security researcher Steven Seeley publicly released a...

Advantech OPC Server Buffer Overflow

Overview ICS-CERT originally released Advisory ICSA-11-279-01P on the US-CERT secure Portal on October 06, 2011. This web page release was delayed to allow users time to download and install the update. Security research and service institute Information and Communication Security Technology Cent...

Mitsubishi Electric MELSEC iQ-F FX5-OPC

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-F FX5-OPC Vulnerability : NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to...

Siemens SCALANCE M-800, RUGGEDCOM RM1224

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

AVEVA PI Web API

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : AVEVA Equipment : PI Web API Vulnerability : Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code...

Rockwell Automation FactoryTalk Remote Access

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : Factory Talk Remote Access Vulnerability : Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to enter a...

Siemens RUGGEDCOM APE1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SIMATIC RTLS Locating Manager

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SINEMA Remote Connect Client

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

MicroDicom DICOM Viewer

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : MicroDicom Equipment : DICOM Viewer Vulnerabilities : Heap-based Buffer Overflow, Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory...

SVR Cyber Actors Adapt Tactics for Initial Cloud Access

How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures TTPs of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National...

Siemens SIMATIC and SIPLUS Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : CC-Link IE TSN Industrial Managed Switch Vulnerabilities : Observable Timing Discrepancy, Double Free 2. RISK EVALUATION Successful exploitation of these...

Rockwell Automation Select Logix Communication Modules

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR,...

Omron Engineering Software Zip-Slip

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION : Low attack complexity Vendor : Omron Equipment : Sysmac Studio, NX-IO Configurator Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to overwrite files on a system. 3...

Sensormatic Electronics iSTAR

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable via adjacent network/Low attack complexity ​Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​Equipment: iSTAR ​Vulnerability: Improper Authentication 2. RISK EVALUATION ​Successful exploitation of this...

Siemens SIMATIC CN 4100

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CN 4100 Vulnerabilities: Improper Access Control, Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...

Siemens Brownfield Connectivity Client

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Delta Electronics DIAScreen

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of...

Hitachi Energy FOXMAN-UN

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN Vulnerabilities: Inadequate Encryption Strength, Use of Default Cryptographic Key, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive...

HEIDENHAIN Controller TNC (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: HEIDENHAIN Equipment: HEIDENHAIN TNC 640 controlling a HARTFORD 5A-65E CNC machine Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a loss of sensitive data,...

Advantech R-SeeNet

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerabilities: Path Traversal, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an unauthorized attacker...

Honeywell SoftMaster

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: SoftMaster Vulnerabilities: Uncontrolled Search Path Element, Incorrect Permission Assignment for Critical Resource. 2. RISK EVALUATION Successful exploitation of these...

Hitachi Energy TXpert Hub CoreTec 4

1. EXECUTIVE SUMMARY CVSS v3 6.0 Vendor: Hitachi Energy Equipment: TXpert Hub CoreTec 4 Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Input Validation, Download of Code Without Integrity Check 2. RISK EVALUATION Successful exploitation of these...

Honeywell Trend Controls Inter-Controller Protocol

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Honeywell Equipment: Trend Controls IQ Series that utilize Inter-Controller IC protocol Vulnerability: Cleartext Transmission of Sensitive Information CISA is aware of a public report, known as “OT:ICEFALL” that details...

Hitachi Energy RTU500

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send a specially crafted...

Siemens Mendix

1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to change the user’s password bypassing password...

Simcenter Femap and Parasolid

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap and Parasolid Vulnerability: Out-of-bounds Read 2. UPDATE This updated advisory is a follow-up to the original advisory titled ICSA-22-195-09 Simcenter Femap and Parasolid Update A that...