Bulletins | CERT@VDE

Omron Engineering Software

Titel

Omron Engineering Software

Veröffentlicht

19. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Omron engineering software are ...

Siemans WIBU Systems CodeMeter

Titel

Siemans WIBU Systems CodeMeter

Veröffentlicht

14. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-06

Text

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...

Rockwell Automation Pavilion8

Titel

Rockwell Automation Pavilion8

Veröffentlicht

14. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-07

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion8 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve other user's sessions data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell ...

Siemens SIMATIC, SIPLUS Products

Titel

Siemens SIMATIC, SIPLUS Products

Veröffentlicht

14. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-01

Text

Siemans QMS Automotive

Titel

Siemans QMS Automotive

Veröffentlicht

14. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-03

Text

https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-05

Siemens SIMATIC IPCs

Titel

Siemens SIMATIC IPCs

Veröffentlicht

14. September 2023 14:00

URL

Text

Siemens WIBU Systems CodeMeter

Titel

Siemens WIBU Systems CodeMeter

Veröffentlicht

14. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-06

Text

12.09.2023

Hitachi Energy Lumada APM Edge

Titel

Hitachi Energy Lumada APM Edge

Veröffentlicht

12. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Lumada Asset Performance Management (APM) Edge Vulnerabilities: Use After Free, Double Free, Type Confusion, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition ...

12.09.2023

Fujitsu Software Infrastructure Manager

Titel

Fujitsu Software Infrastructure Manager

Veröffentlicht

12. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Low attack complexity Vendor: Fujitsu Software Equipment: Infrastructure Manager Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker retrieving the password for the proxy server that is configured in ISM from ...

07.09.2023

Dover Fueling Solutions MAGLINK LX Console

Titel

Dover Fueling Solutions MAGLINK LX Console

Veröffentlicht

7. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01

Text

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dover Fueling Solutions Equipment: MAGLINK LX - Web Console Configuration Vulnerabilities: Authentication Bypass using an Alternate Path or Channel, Improper Access Control, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain ...

07.09.2023

Phoenix Contact TC ROUTER and TC CLOUD CLIENT

Titel

Phoenix Contact TC ROUTER and TC CLOUD CLIENT

Veröffentlicht

7. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-02

Text

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Phoenix Contact Equipment: TC ROUTER and TC CLOUD CLIENT Vulnerabilities: Cross-site Scripting, XML Entity Expansion 2. RISK EVALUATION Successful exploitation of this these vulnerabilities could execute code in the context of the user's browser or ...

07.09.2023

Socomec MOD3GP-SY-120K

Titel

Socomec MOD3GP-SY-120K

Veröffentlicht

7. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03

Text

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Socomec Equipment: MOD3GP-SY-120K Vulnerabilities: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Insecure Storage of Sensitive Information, Reliance on Cookies without Validation and Integrity Checking, Code Injection, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these ...

05.09.2023

Fujitsu Limited Real-time Video Transmission Gear "IP series"

Titel

Fujitsu Limited Real-time Video Transmission Gear "IP series"

Veröffentlicht

5. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-248-01

Text

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Fujitsu Limited Equipment: Real-time Video Transmission Gear "IP series" Vulnerability: Use Of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker logging into the web interface using the obtained credentials. The attacker could initialize ...

August 2023

PTC Kepware KepServerEX

Titel

PTC Kepware KepServerEX

Veröffentlicht

31. August 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03

Text

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Kepware KepServerEX Vulnerabilities: Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, and obtain server hashes ...

Digi RealPort Protocol

Titel

Digi RealPort Protocol

Veröffentlicht

31. August 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04

Text

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Digi International, Inc. Equipment: Digi RealPort Protocol Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the attacker to access connected equipment. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Digi ...

ARDEREG Sistemas SCADA

Titel

ARDEREG Sistemas SCADA

Veröffentlicht

31. August 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-01

Text

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: ARDEREG Equipment: Sistemas SCADA Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate SQL query logic to extract sensitive information and perform unauthorized actions within the database. 3. TECHNICAL DETAILS ...

GE Digital CIMPLICITY

Titel

GE Digital CIMPLICITY

Veröffentlicht

31. August 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02

Text

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: GE Digital Equipment: CIMPLICITY Vulnerability: Process Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges to SYSTEM. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following GE products are affected: GE ...

29.08.2023

https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01

PTC Codebeamer

Titel

PTC Codebeamer

Veröffentlicht

29. August 2023 14:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Codebeamer Vulnerability: Cross site scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject arbitrary JavaScript code, which could be executed in the victim's browser upon clicking on a malicious link. ...

Rockwell Automation Select Distributed I/O Communication Modules

Titel

Rockwell Automation Select Distributed I/O Communication Modules

Veröffentlicht

24. August 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-06

Text

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1734-AENT/1734-AENTR Series C, 1734-AENT/1734-AENTR Series B, 1738-AENT/ 1738-AENTR Series B, 1794-AENTR Series A, 1732E-16CFGM12QCWR Series A, 1732E-12X4M12QCDR Series A, 1732E-16CFGM12QCR Series A, 1732E-16CFGM12P5QCR Series A, 1732E-12X4M12P5QCDR Series A, 1732E-16CFGM12P5QCWR Series B, 1732E-IB16M12R Series B, 1732E-OB16M12R ...

CODESYS Development System

Titel

CODESYS Development System

Veröffentlicht

24. August 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-03

Text

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Uncontrolled Search Path Element. 2. RISK EVALUATION Successful exploitation of this vulnerability could cause users to unknowingly launch a malicious binary placed by a local attacker. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02

OPTO 22 SNAP PAC S1

Titel

OPTO 22 SNAP PAC S1

Veröffentlicht

24. August 2023 14:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: OPTO 22 Equipment: SNAP PAC S1 Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Weak Password Requirements, Improper Access Control, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to brute force passwords, ...

Rockwell Automation Input/Output Modules

Titel

Rockwell Automation Input/Output Modules

Veröffentlicht

24. August 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-06

Text

https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-01

KNX Protocol

Titel

KNX Protocol

Veröffentlicht

24. August 2023 14:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: KNX Association Equipment: KNX devices using KNX Connection Authorization Vulnerability: Overly Restrictive Account Lockout Mechanism 2. RISK EVALUATION Successful exploitation of this vulnerability could cause users to lose access to their device, potentially with no way ...

CODESYS Development System

Titel

CODESYS Development System

Veröffentlicht

24. August 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-05

Text

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Insufficient Verification of Data Authenticity. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute a-man-in-the-middle (MITM) attack to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED ...

22.08.2023