Siemens SIMATIC S7-400 PN CPU DoS

Overview Siemens has reported to ICS-CERT that denial-of-service DoS vulnerabilities exist in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products. Siemens has produced a firmware update that mitigates the vulnerability affecting the S7-400 V6. Siemens will not fix the vulnerability that...

Siemens Scalance X Buffer Overflow Vulnerability

Overview ICS-CERT has received a report from Siemens regarding a buffer overflow vulnerability in the web interface of the Scalance X Industrial Ethernet switch. This vulnerability was reported to Siemens by Jürgen Bilberger from Daimler TSS GmbH. This vulnerability leaves the affected devices...

Microsoft Windows inconsistent driver blocking

RISK EVALUATION Microsoft Windows Defender Application Control WDAC and the Microsoft vulnerable driver blocklist do not adequately block known-vulnerable drivers. These unexpected behaviors can confuse users about whether or not driver blocking is working and which drivers are being blocked. 2...

Siemens Tecnomatix Plant Simulation

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series Safety CPU and SIL2 Process CPU Vulnerability : Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this...

Franklin Fueling System TS-550

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Franklin Fueling System Equipment : TS-550 Vulnerability : Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful...

Siemens Xpedition Layout Browser

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Omron CJ/CS/CP Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Omron Equipment : Sysmac CJ/CS/CP Series Vulnerability : Improper Control of Interaction Frequency 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Hitachi Energy RTU500 series

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Hitachi Energy ​Equipment: RTU500 series ​Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could cause a buffer overflow and reboot of...

Panasonic Control FPWin Pro7

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Panasonic Equipment: Control FPWIN Pro7 Vulnerabilities: Type Confusion, Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of...

Siemens SIMATIC WinCC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Moxa MXsecurity Series

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: MXsecurity Series Vulnerabilities: Command Injection and Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthorized...

Rockwell Automation Arena Simulation Software

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Arena Simulation Software Vulnerabilities: Incorrect Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

Omron CJ1M PLC

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: CJ1M PLC Vulnerabilities: Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass user memory protections by...

Hitachi Energy IEC 61850 MMS-Server (Update B)

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: IEC 61850 MMS-Server Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could cause products using the IEC 61850 MMS-server...

Horner Automation Cscape Envision RV

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Horner Automation Equipment: Cscape Envision RV Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to an attacker executing arbitrary code...

Siemens Mendix SAML Module

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Priva TopControl Suite

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Priva Equipment: TopControl Suite Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Phoenix Contact Automation Worx

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Phoenix Contact Equipment: Automation Worx Software Suite Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these...

MOXA NPort 5110

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: MOXA Equipment: NPort 5110 Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to change memory values and/or cause the...

Hitachi Energy System Data Manager

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: System Data Manager – SDM600 Vulnerabilities: Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, Observable Discrepancy 2. RISK...

Siemens Mendix

1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to extract information from a database protected field...

Moxa MGate Protocol Gateways

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: MGate MB3180/MB3280/MB3480 Series Protocol Gateways Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could...

Horner Automation Cscape EnvisionRV

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Horner Automation Equipment: Cscape EnvisionRV Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could execute arbitrary code in the context of the current process...

Siemens SIMATIC eaSie PCS 7 Skill Package

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC eaSie PCS 7 Skill Package Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated remote attacker to read...

Hitachi Energy Relion 670/650/SAM600-IO

1. EXECUTIVE SUMMARY CVSS v3 8.1 Vendor: Hitachi Energy Equipment: Relion 670/650/SAM600-IO Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could hijack existing TCP sessions to inject packets of their choosing or cause...

Siemens Mendix

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users bypass write permissions to attributes of...

DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of...

Siemens SCALANCE XM-400 and XR-500 Devices

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE XM-400, XR-500 Vulnerability: Incorrect Calculation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to create...

Siemens SIMATIC NET CP343-1

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CP343-1 devices Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition...

Siemens Mendix Excel Importer Module

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mendix, a subsidiary of Siemens Equipment: Mendix Excel Importer Module Vulnerability: Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this...

Siemens Tecnomatix RobotExpert

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Tecnomatix RobotExpert Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution. 3. TECHNICAL DETAILS 3.1...

Advantech WebAccessSCADA

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Siemens and PKE Control Center Server

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendors: Siemens/PKE Equipment: Control Center Server CCS Vulnerabilities: Cleartext Storage of Sensitive Information in GUI, Improper Authentication, Relative Path Traversal, Use of a Broken or Risky...

Siemens DIGSI 4

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: DIGSI 4 Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low privileged attacker to execute arbitrary code with SYSTEM...

Medtronic MyCareLink Smart

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable with adjacent access/low skill level to exploit Vendor: Medtronic Equipment: MyCareLink MCL Smart Model 25000 Patient Reader Vulnerabilities: Improper Authentication, Heap-based Buffer Overflow, Time-of-check Time-of-use Race Condition 2...

B. Braun OnlineSuite

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low and high skill level to exploit Vendor: B. Braun Melsungen AG Equipment: OnlineSuite Vulnerabilities: Relative Path Traversal, Uncontrolled Search Path Element, Improper Neutralization of Formula Elements in a CSV File 2. RISK...

Advantech WebAccess Node

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Node Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the application being accessed; a buffer...

Delta Industrial Automation DOPSoft

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation DOPSoft Vulnerabilities: Out-of-bounds read, Use after free 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow...

GE Aestiva and Aespire Anesthesia (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Aestiva and Aespire Anesthesia Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSMA-19-190-01 GE...

BD Alaris Gateway Workstation

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: BD Becton, Dickinson and Company Equipment: Alaris Gateway Workstation Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Exploitation of...

Hetronic Nova-M

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Hetronic Equipment: Nova-M Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands,...

gpsd Open Source Project

1. EXECUTIVE SUMMARY CVSS v3 8.3 Vendor: gpsd Open Source Project Equipment: gpsd, microjson Vulnerability: Stack-based Buffer Overflow 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on November 6, 2018, and is being released to the NCCIC/ICS-CERT...

WAGO PFC200 Series

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: WAGO Equipment: PFC200 Series Vulnerability: Improper Authentication UPDATE INFORMATION This advisory is a follow-up to the alert titled ICS-ALERT-17-341-01 WAGO PFC200 that was publishe...

Ctek, Inc. SkyRouter

CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Ctek, Inc. Equipment: SkyRouter Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of SkyRouter, a wireless and automation solution, are affected: SkyRouter Series 4200 and 4400 all versio...

BLF-Tech LLC VisualView HMI

CVSS v3 7.0 ATTENTION: Low skill level to exploit Vendor: BLF-Tech LLC Equipment: VisualView HMI Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following VisualView HMI versions are affected: VisualView HMI Version 9.9.14.0 and prior. IMPACT Successful exploitation of this...

ABB Panel Builder 800 DLL Hijacking Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-077-01 ABB Panel Builder 800 DLL Hijacking Vulnerability that was published March 17, 2016, on the NCCIC/ICS-CERT web site. Ivan Sanchez from Nullcode Team has identified a DLL Hijacking vulnerability in the ABB...

Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on March 1, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified vulnerabilities in Eaton Lighting Systems’ EG2 Web Control application. Eaton Lighting Systems...

CA Unified Infrastructure Management Directory Traversal Vulnerability (Update B)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-315-01A CA Unified Infrastructure Management Directory Traversal Vulnerability that was published November 15, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Andrea Micalizzi, working with Zero Day...

Phoenix Contact ILC PLC Authentication Vulnerabilities

OVERVIEW Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg have identified authentication vulnerabilities in Phoenix Contact’s ILC inline controller PLCs. Phoenix Contact GmbH & Co. KG has produced a mitigation plan that includes an update and recommended security practices to...