Bulletins | CERT@VDE

https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-01

AXIS A1001

Titel

AXIS A1001

Veröffentlicht

25. Juli 2023 14:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from adjacent network Vendor: Axis Communications Equipment: AXIS A1001 Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AXIS A1001, a ...

25.07.2023

Johnson Controls IQ Wifi 6

Titel

Johnson Controls IQ Wifi 6

Veröffentlicht

25. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04

Text

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: IQ Wifi 6 Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to gain account access by conducting a brute force authentication attack. 3. ...

25.07.2023

Emerson ROC800 Series RTU and DL8000 Preset Controller

Titel

Emerson ROC800 Series RTU and DL8000 Preset Controller

Veröffentlicht

25. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-03

Text

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: ROC800-Series RTU; including ROC800, ROC800L, and DL8000 Preset Controllers Vulnerability: Authentication Bypass 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or gain unauthorized access to data or ...

20.07.2023

US CERT

Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

Titel

Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

Veröffentlicht

20. Juli 2023 21:28

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a

Text

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day ...

20.07.2023

Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers

Titel

Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers

Veröffentlicht

20. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-201-01

Text

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Vulnerabilities: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized access to components, ability to execute ...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05

GeoVision GV-ADR2701

Titel

GeoVision GV-ADR2701

Veröffentlicht

18. Juli 2023 14:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: GeoVision Equipment: GV-ADR2701 Vulnerabilities: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to log in to the camera’s web application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS GeoVision reports this ...

WellinTech KingHistorian

Titel

WellinTech KingHistorian

Veröffentlicht

18. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-07

Text

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: WellinTech Equipment: KingHistorian Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Signed to Unsigned Conversion Error 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or send ...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03

Iagona ScrutisWeb

Titel

Iagona ScrutisWeb

Veröffentlicht

18. Juli 2023 14:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Iagona Equipment: ScrutisWeb Vulnerabilities: Absolute Path Traversal, Authorization Bypass Through User-Controlled Key, Use of Hard-coded Cryptographic Key, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload ...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04

Weintek Weincloud

Titel

Weintek Weincloud

Veröffentlicht

18. Juli 2023 14:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Weintek Equipment: Weincloud Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication, Improper Restriction of Excessive Authentication Attempts, Improper Handling of Structural Elements 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to utilize ...

Rockwell Automation Kinetix 5700 DC Bus Power Supply

Titel

Rockwell Automation Kinetix 5700 DC Bus Power Supply

Veröffentlicht

18. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-01

Text

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Kinetix 5700 Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Rockwell Automation Kinetix 5700 DC ...

Keysight N6845A Geolocation Server

Titel

Keysight N6845A Geolocation Server

Veröffentlicht

18. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02

Text

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Keysight Technologies Equipment: N6854A Geolocation Server Vulnerabilities: Exposed Dangerous Method or Function, Relative Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, execute arbitrary code, or cause a denial-of-service condition. 3. ...

Siemens SIMATIC CN 4100

Titel

Siemens SIMATIC CN 4100

Veröffentlicht

13. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-22-194-03

Text

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CN 4100 Vulnerabilities: Improper Access Control, Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain privilege escalation and bypass network isolation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...

Honeywell Experion PKS, LX and PlantCruise

Titel

Honeywell Experion PKS, LX and PlantCruise

Veröffentlicht

13. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-06

Text

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS, LX, and PlantCruise Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow, Out-of-bounds Write, Uncontrolled Resource Consumption, Improper Encoding or Escaping of Output, Deserialization of Untrusted Data, Improper Input Validation, Incorrect Comparison 2. RISK EVALUATION Successful ...

Siemens SiPass Integrated

Titel

Siemens SiPass Integrated

Veröffentlicht

13. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-02

Text

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: SiPass Integrated Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to crash the server application, creating a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED ...

Siemens RUGGEDCOM ROX

Titel

Siemens RUGGEDCOM ROX

Veröffentlicht

13. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01

Text

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROX Vulnerabilities: Cleartext Transmission of Sensitive Information, Command Injection, Improper Authentication, Classic Buffer Overflow, Uncontrolled Resource Consumption, Improper Certificate Validation, Cross-Site Request Forgery (CSRF), Improper Input Validation, Incorrect Default Permissions, Cross-site Scripting, Inadequate ...

Rockwell Automation PowerMonitor 1000

Titel

Rockwell Automation PowerMonitor 1000

Veröffentlicht

13. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-05

Text

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerMonitor 1000 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product. ...

Siemens SIMATIC MV500 Devices

Titel

Siemens SIMATIC MV500 Devices

Veröffentlicht

13. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-04

Text

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC MV500 series devices Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Missing Release of Memory after Effective Lifetime, Injection, Inadequate Encryption Strength, Double Free, Incomplete Cleanup, Observable Discrepancy, Improper Locking, Use After Free, Improper ...

12.07.2023

Rockwell Automation Select Communication Modules

Titel

Rockwell Automation Select Communication Modules

Veröffentlicht

12. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-193-01

Text

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, 1756-EN4TRXT Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access ...

Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

US CERT

Titel

Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

Veröffentlicht

11. Juli 2023 23:55

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a

Text

SUMMARY In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange ...

Sensormatic Electronics iSTAR

Titel

Sensormatic Electronics iSTAR

Veröffentlicht

11. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02

Text

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable via adjacent network/Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. Equipment: iSTAR Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated user to login to iSTAR devices with administrator rights. 3. ...

Rockwell Automation Enhanced HIM

Titel

Rockwell Automation Enhanced HIM

Veröffentlicht

11. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-01

Text

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Enhanced HIM Vulnerability: Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to sensitive information disclosure and full remote access to the affected products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...

Panasonic Control FPWin Pro7

Titel

Panasonic Control FPWin Pro7

Veröffentlicht

11. Juli 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03

Text

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Panasonic Equipment: Control FPWIN Pro7 Vulnerabilities: Type Confusion, Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in information disclosure or remote code execution ...

SSA-924149 V1.0: Stack Overflow Vulnerability in SiPass Integrated before V2.90.3.8

SIEMENS CERT

Titel

SSA-924149 V1.0: Stack Overflow Vulnerability in SiPass Integrated before V2.90.3.8

Veröffentlicht

11. Juli 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-924149.html

Text

SiPass integrated versions before V2.90.3.8 contain a stack overflow vulnerability that could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition. Siemens has released an update for SiPass integrated and recommends to update to the latest version.

SSA-794697 V1.1 (Last Update: 2023-07-11): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0

SIEMENS CERT

Titel

SSA-794697 V1.1 (Last Update: 2023-07-11): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0

Veröffentlicht

11. Juli 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-794697.html

Text

Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.