Moxa PT-7728 Series Switch Improper Authorization Vulnerability
OVERVIEW Researcher Can Demirel of Biznet Bilisim has identified an improper authorization vulnerability in Moxa’s Industrial Ethernet Switch PT-7728 series. Moxa has produced an update to mitigate this vulnerability. Can Demirel has tested the update to validate that it resolves the vulnerabilit...
Trihedral Engineering Limited VTScada Vulnerabilities
OVERVIEW An anonymous researcher has identified several vulnerabilities in Trihedral Engineering Ltd.’s Trihedral VTScada and reported them to Zero Day Initiative (ZDI), which reported them to NCCIC/ICS-CERT. Trihedral Engineering Ltd. has produced a new version to mitigate these vulnerabilities...
Elipse E3 Process Control Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-069-04 Elipse E3 Process Control Vulnerability that was published March 10, 2015, on the NCCIC/ICS-CERT web site. Ivan Sanchez from Nullcode Team has identified a process control vulnerability in the Elipse E3...
Advantech EKI Hard-coded SSH Keys Vulnerability
OVERVIEW Independent researcher Neil Smith has identified a hard-coded SSH key vulnerability in Advantech’s EKI-122X series products. Advantech has produced new firmware to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Advantech reports that the...
3S CODESYS Runtime Toolkit Null Pointer Dereference Vulnerability
OVERVIEW Nicholas Miles of Tenable Network Security has identified a NULL pointer dereference vulnerability in 3S-Smart Software Solutions GmbH’s CODESYS Runtime Toolkit. 3S has produced a new version to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCT...
Moxa SoftCMS Buffer Overflow Vulnerabilities
OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative (ZDI) concerning buffer overflow vulnerabilities in Moxa’s SoftCMS software package. These vulnerabilities were reported to ZDI by security researcher Carsten Eiram of Risk Based Security, who identified seven vulnerabilities,...
PACTware Exceptional Conditions Vulnerability
OVERVIEW Ivan Sanchez from Nullcode Team has identified a handling of exceptional conditions vulnerability in PACTware Consortium’s PACTware application. PACTware Consortium has produced a new service pack that mitigates this vulnerability. Ivan Sanchez has tested the new version to validate that...
Schneider Electric Wonderware System Platform Vulnerabilities
OVERVIEW Ivan Sanchez of WiseSecurity Team has identified a fixed search path vulnerability in Schneider Electric’s Wonderware InTouch, Application Server, Historian, and SuiteLink applications, which are part of the Wonderware System Platform suite. Schneider Electric has produced a patch that...
Mitsubishi Electric MELSEC FX-Series Controllers Denial of Service
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on May 26, 2015, and is being released to the NCCIC/ICS-CERT web site. Ralf Spenneberg of OpenSource Security has identified a denial of service (DoS) vulnerability in the Mitsubishi Electric Automation, Inc.,...
ICONICS GENESIS32 Insecure ActiveX Control
OVERVIEW NCCIC/ICS-CERT discovered a vulnerability in the ICONICS GENESIS32 application during resolution of unrelated products. ICONICS has produced a patch for all vulnerable versions of its GENESIS32 product. ICONICS GENESIS32 Version 9.0 and newer are not vulnerable to this ActiveX...
Innominate mGuard Privilege Escalation Vulnerability
OVERVIEW Innominate Security Technologies has identified a privilege escalation vulnerability affecting all mGuard devices. Innominate has produced a firmware patch that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following Innominate mGuard...
Tridium NiagaraAX Directory Traversal Vulnerability
Overview This advisory provides mitigation details for a vulnerability in the Tridium NiagaraAX software. Independent researchers Billy Rios and Terry McCorkle discovered a directory traversal vulnerability in the Tridium NiagaraAX software product. They demonstrated that with a valid user accoun...
ProSoft Technology RadioLinx ControlScape PRNG Vulnerability
OVERVIEW Lucas Apa and Carlos Mario Penagos Hollman, security researchers with IOActive, have identified a weak pseudo-random number generator (PRNG) seed in the ProSoft Technology RadioLinx ControlScape application software. ProSoft Technology has produced a new firmware patch that mitigates this...
Siemens COMOS Privilege Escalation Vulnerability
OVERVIEW Siemens has notified ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. Siemens has produced a patch that mitigates this vulnerability. AFFECTED PRODUCTS The following Siemens COMOS versions are affected: All COMOS versions prior to 9.1 COMOS 9.1:...
Siemens WinCC TIA Portal Vulnerabilities
OVERVIEW Researchers Timur Yunusov and Sergey Bobrov of Positive Technologies have identified several vulnerabilities in the Siemens WinCC TIA Portal. A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it...
QNX Multiple Vulnerabilities
OVERVIEW Independent researcher Luigi Auriemma identified a stack-based buffer overflow and a buffer copy without checking size of input vulnerabilities in QNX’s Phrelay, Phwindows, and Phditto products without coordination with ICS-CERT, the vendor, or any other coordinating entity known to...
OSIsoft PI OPC DA Interface Buffer Overflow
Overview ICS-CERT has received a report from OSIsoft concerning a stack-based buffer overflow in the PI OPC DA Interface software that could cause the software to crash or allow a remote attacker to execute arbitrary code. This vulnerability was discovered during a software assessment requested b...
ABB Multiple Components Buffer Overflow
Overview Independent researchers Terry McCorkle and Billy Rios identified a buffer overflow vulnerability in multiple components of the ABB WebWare Server application. These components have been found to contain vulnerabilities in the COM and scripting interfaces. Follow-up investigation by ABB...
Rockwell PLC5/SLC5/0x/RSLogix Security Vulnerability
Overview Rockwell Automation has identified a security vulnerability in the programming and configuration client software authentication mechanism employed by certain versions of the PLC-5 and SLC 5/0x family of programmable controllers. Affected Products Rockwell PLC-5 and SLC 5/0x controllers a...
Subnet Solutions Inc. PowerSYSTEM Center
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Server-Side Request Forgery (SSRF), Inefficient Regular Expression Complexity, Cross-Site Request Forgery (CSRF) 2. RISK...
Siemens COMOS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Motorola Solutions Vigilant License Plate Readers
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Motorola Solutions Equipment: Vigilant Fixed LPR Coms Box BCAV1F2-C600 Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Cleartext Storage in a File or on Disk, Us...
Siemens SIMATIC and SIPLUS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
LenelS2 NetBox
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: LenelS2 Equipment: NetBox Vulnerabilities: Use of Hard-coded Password, OS Command Injection, Argument Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
Siemens SICAM Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Hitachi Energy Asset Suite 9
1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Asset Suite 9 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use an...
Schneider Electric EcoStruxure Power Design
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Design Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability may allow for arbitrary code execution...
Voltronic Power ViewPower Pro
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Voltronic Power Equipment: ViewPower Pro Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function, Exposed Dangerous Method or Function, OS Command...
Siemens SICAM PAS/PQS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Spectrum Power 7
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Software Center
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...
Rockwell Automation Select Communication Modules
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK,...
Atlas Copco Power Focus 6000
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Atlas Copco Equipment: Power Focus 6000 Vulnerabilities: Cleartext Storage of Sensitive Information, Small Space of Random Values, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION...
Hitachi Energy’s AFS65x, AFS67x, AFR67x and AFF66x Products
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS65x, AFS67x, AFR67x and AFF66x series products Vulnerabilities: Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...
Siemens Solid Edge
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE LPE9403
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Siveillance
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Mitsubishi Electric GOC35 Series
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric India Equipment: GC-ENET-COM Vulnerability: Signal Handler Race Condition 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a communication error and may...
JTEKT ELECTRONICS Screen Creator Advance 2
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: JTEKT ELECTRONICS CORPORATION Equipment: Screen Creator Advance 2 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
Weintek EasyBuilder Pro cMT Series
1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Weintek Equipment: EasyBuilder Pro Vulnerability: Path Traversal: '\..\filename' 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain control of the user’s...
Siemens COMOS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens JT Open, JT Utilities, and Parasolid
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Johnson Controls System Configuration Tool (SCT)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: System Configuration Tool Vulnerabilities: Sensitive Cookie Without ‘HttpOnly’ Flag, Sensitive Cookie in HTTPS Session Without 'Secure' Attribute 2. RISK EVALUATION Successful exploitation of...
Landis+Gyr E850
1. EXECUTIVE SUMMARY CVSS v3 3.9 ATTENTION: Low attack complexity Vendor: Landis+Gyr Equipment: E850 ZMQ200 Vulnerability: Reliance on Cookies without Validation and Integrity 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition for the end...
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Johnson Controls Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in exposed credentials in plain text...
Siemens SICAM PAS
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM PAS Vulnerabilities: Uncontrolled Search Path Element, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION...
Siemens Simcenter STAR-CCM+
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...
Omron NJ/NX-series Machine Automation Controllers
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely, public exploits are available Vendor: Omron Equipment: NJ/NX-series Machine Automation Controllers Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain...
Honeywell ControlEdge
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: ControlEdge Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report known as “OT:ICEFALL” that details vulnerabilities found in multiple...
Hitachi Energy RTU500 OpenLDAP
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Type Confusion, Reachable Assertion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition...