Bulletins | CERT@VDE

Schneider Electric EVlink Home Smart and Schneider Charge

Titel

Schneider Electric EVlink Home Smart and Schneider Charge

Veröffentlicht

23. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EVlink Home Smart and Schneider Charge Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability may expose test credentials in the firmware binary. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...

23.01.2025

Hitachi Energy RTU500 Series Product

Titel

Hitachi Energy RTU500 Series Product

Veröffentlicht

23. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series products Vulnerability: Improperly Implemented Security Check for Standard 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to update the RTU500 with unsigned firmware. 3. TECHNICAL DETAILS ...

21.01.2025

Traffic Alert and Collision Avoidance System (TCAS) II

Titel

Traffic Alert and Collision Avoidance System (TCAS) II

Veröffentlicht

21. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable from adjacent network Standard: Traffic Alert and Collision Avoidance System (TCAS) II Equipment: Collision Avoidance Systems Vulnerabilities: Reliance on Untrusted Inputs in a Security Decision, External Control of System or Configuration Setting 2. RISK EVALUATION Successful exploitation of these vulnerabilities ...

21.01.2025

Siemens SIMATIC S7-1200 CPUs

Titel

Siemens SIMATIC S7-1200 CPUs

Veröffentlicht

21. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-02

Text

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...

21.01.2025

ZF Roll Stability Support Plus (RSSPlus)

Titel

ZF Roll Stability Support Plus (RSSPlus)

Veröffentlicht

21. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: ZF Equipment: RSSPlus Vulnerability: Authentication Bypass By Primary Weakness 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely (proximal/adjacent with RF equipment) call diagnostic functions which could ...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-01

Siemens Mendix LDAP

Titel

Siemens Mendix LDAP

Veröffentlicht

16. Januar 2025 13:00

URL

Text

Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN Products

Titel

Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN Products

Veröffentlicht

16. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-06

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: FOX61x, FOXCST, FOXMAN-UN Vulnerability: Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server. ...

Fuji Electric Alpha5 SMART

Titel

Fuji Electric Alpha5 SMART

Veröffentlicht

16. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-05

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha5 SMART Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Fuji Electric ...

Siemens SIPROTEC 5 Products

Titel

Siemens SIPROTEC 5 Products

Veröffentlicht

16. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-04

Text

Hitachi Energy FOX61x Products

Titel

Hitachi Energy FOX61x Products

Veröffentlicht

16. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-07

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOX61x Products Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to traverse the file system to access files or directories that would otherwise be inaccessible. ...

14.01.2025

Schneider Electric Vijeo Designer

Titel

Schneider Electric Vijeo Designer

Veröffentlicht

14. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-014-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Vijeo Designer Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a non-admin authenticated user to perform privilege escalation by tampering with the binaries. 3. TECHNICAL DETAILS 3.1 AFFECTED ...

14.01.2025

Belledonne Communications Linphone-Desktop

Titel

Belledonne Communications Linphone-Desktop

Veröffentlicht

14. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-014-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Belledonne Communications Equipment: Linphone-Desktop Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could could result in a remote attacker causing a denial-of-service condition on the affected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED ...

Delta Electronics DRASimuCAD (Update A)

Titel

Delta Electronics DRASimuCAD (Update A)

Veröffentlicht

10. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DRASimuCAD Vulnerabilities: Out-of-bounds Write, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...

Delta Electronics DRASimuCAD

Titel

Delta Electronics DRASimuCAD

Veröffentlicht

10. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-03-0

Text

Schneider Electric PowerChute Serial Shutdown

Titel

Schneider Electric PowerChute Serial Shutdown

Veröffentlicht

10. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerChute Serial Shutdown Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial of access to the web interface when someone on the local network repeatedly requests the ...

Schneider Electric Harmony HMI and Pro-face HMI Products

Titel

Schneider Electric Harmony HMI and Pro-face HMI Products

Veröffentlicht

10. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony HMI and Pro-face HMI Products Vulnerability: Use of Unmaintained Third-Party Components 2. RISK EVALUATION Successful exploitation of this vulnerability could cause complete control of the device when an authenticated user installs malicious ...

07.01.2025

Nedap Librix Ecoreader

Titel

Nedap Librix Ecoreader

Veröffentlicht

7. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-007-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Nedap Librix Equipment: Ecoreader Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Ecoreader are ...

07.01.2025

ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products

Titel

ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products

Veröffentlicht

7. Januar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-007-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerabilities: Files or Directories Accessible to External Parties, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Server-Side Request Forgery (SSRF), Improper Neutralization of ...

Dezember 2024

Delta Electronics DTM Soft

Titel

Delta Electronics DTM Soft

Veröffentlicht

19. Dezember 2024 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DTM Soft Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta Electronics products ...

Hitachi Energy RTU500 series CMU

Titel

Hitachi Energy RTU500 series CMU

Veröffentlicht

19. Dezember 2024 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: RTU500 series CMU Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 ...

Hitachi Energy SDM600

Titel

Hitachi Energy SDM600

Veröffentlicht

19. Dezember 2024 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable from adjacent network Vendor: Hitachi Energy Equipment: SDM600 Vulnerabilities: Origin Validation Error, Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi ...

Siemens User Management Component

Titel

Siemens User Management Component

Veröffentlicht

19. Dezember 2024 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-04

Text

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS ...

Tibbo AggreGate Network Manager

Titel

Tibbo AggreGate Network Manager

Veröffentlicht

19. Dezember 2024 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-05

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Tibbo Equipment: AggreGate Network Manager Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve code execution on the affected device. 3. TECHNICAL DETAILS ...

Schneider Electric Accutech Manager

Titel

Schneider Electric Accutech Manager

Veröffentlicht

19. Dezember 2024 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-06

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Accutech Manager Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation could allow an attacker to cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. 3. ...

17.12.2024