Skip to main content
(844) 422-7000

Hitachi Energy eSOMS

Written by on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v3 5.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: eSOMS
Vulnerabilities: Generation of Error Message Containing Sensitive Information, Exposure of Sensitive System Information to an Unauthorized Control Sphere

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information related to eSOMS application configuration.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Hitachi Energy products are affected:

eSOMS: v6.3.13 and prior

3.2 Vulnerability Overview

3.2.1 GENERATION OF ERROR MESSAGE CONTAINING SENSITIVE INFORMATION CWE-209

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.

CVE-2023-5514 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.2.2 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497

The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications.

CVE-2023-5515 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.2.3 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497

Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version info, endpoints, backend server, Internal IP. etc., which could expose additional attack surface containing other vulnerabilities.

CVE-2023-5516 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

Hitachi Energy reported these vulnerabilities to CISA.

4. MITIGATIONS

Hitachi Energy recommends updating eSOMS to a fixed version when available.

For more information on this issue, see the Hitachi Energy eSOMS Security Advisory 8DBD000175.

CISA recommends users take defensive measures to minimize the risk of exploitation of this these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

November 9, 2023: Initial Publication

CVE-2023-5561

Written by on . Posted in WordPress Vulnerabilities.

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack (CVSS:5.3) (EPSS:0.07%) (Last Update:2023-11-08 19:15:10)

CVE-2022-21663

Written by on . Posted in WordPress Vulnerabilities.

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. (CVSS:7.2) (EPSS:0.33%) (Last Update:2023-06-27 19:03:59)

CVE-2022-21664

Written by on . Posted in WordPress Vulnerabilities.

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there’s potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. (CVSS:8.8) (EPSS:0.47%) (Last Update:2022-04-12 18:53:08)

GE MiCOM S1 Agile

Written by on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v3 5.3
ATTENTION: Low attack complexity
Vendor: General Electric
Equipment: MiCOM S1 Agile
Vulnerability: Uncontrolled Search Path Element

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to upload malicious files and achieve code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of General Electric MiCOM S1 Agile is affected:

MiCOM S1 Agile: All versions

3.2 Vulnerability Overview

3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427

General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.

CVE-2023-0898 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Multiple
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Sushant Mane, Anooja Joy & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India reported this vulnerability to CISA.

4. MITIGATIONS

General Electric has released an update that resolves this vulnerability. No action is required by the user.

For more information, see General Electric’s Security Advisory.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.
Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

November 07, 2023: Initial Publication

CVE-2022-43504

Written by on . Posted in WordPress Vulnerabilities.

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7. (CVSS:5.3) (EPSS:0.10%) (Last Update:2023-02-03 16:58:26)

CVE-2023-39999

Written by on . Posted in WordPress Vulnerabilities.

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. (CVSS:4.3) (EPSS:0.30%) (Last Update:2023-11-03 22:15:10)

Franklin Fueling System TS-550

Written by on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v3 8.3
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Franklin Fueling System
Equipment: TS-550
Vulnerability: Use of Password Hash with Insufficient Computational Effort

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to access the device and gain unauthenticated access.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Franklin Fueling System TS-550, are affected:

TS-550: All versions prior to 1.9.23.8960

3.2 Vulnerability Overview

3.2.1 USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916

Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.

CVE-2023-5846 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

CISA discovered a public Proof of Concept (PoC) as authored by Parsa Rezaie Khiabanloo and reported it to Exploit-db.

4. MITIGATIONS

Franklin Fueling Systems released the following to fix this vulnerability:

TS-550: Version 1.9.23.8960

For more information, contact Franklin Fueling System.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

November 2, 2023: Initial Publication

Schneider Electric SpaceLogic C-Bus Toolkit

Written by on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: SpaceLogic C-Bus Toolkit
Vulnerabilities: Improper Privilege Management, Path Traversal

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution, which could result in tampering of the SpaceLogic C-Bus home automation system.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Schneider Electric products are affected:

SpaceLogic C-Bus Toolkit: Versions 1.16.3 and prior

3.2 Vulnerability Overview

3.2.1 Improper Privilege Management CWE-269

Schneider Electric’s SpaceLogic C-Bus Toolkit product is vulnerable due to improper privilege management, which could cause remote code execution when the transfer command is used over the network.

CVE-2023-5402 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.2 Path Traversal CWE-22

Schneider Electric’s SpaceLogic C-Bus Toolkit product contains a path traversal vulnerability, which could cause tampering of files on the personal computer running C-Bus when using the File Command.

CVE-2023-5399 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

An anonymous researcher working with Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.

4. MITIGATIONS

Schneider Electric has provided a fix to these vulnerabilities and recommends updating the software to v1.16.4. After installation, it is recommended to reboot the system and verify the version number reflects the new version.

If users choose not to apply the remediation provided, they should immediately apply the following mitigation to reduce the risk of exploit:

Block TCP Port 20023 to SpaceLogic C-Bus Toolkit by using the rules in the PC firewall.

By doing this, the vulnerable commands could not then be used to compromise the PC by an external entity as the connection and ultimately the command will not be accepted by SpaceLogic C-Bus Toolkit.

For more information, refer to Schneider Electric’s Security Bulletin SEVD-2023-283-1

Schneider Electric strongly recommends the following industry cybersecurity best practices.

Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
Place all controllers in locked cabinets and never leave them in the “Program” mode.
Never connect programming software to any network other than the network intended for that device.
Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc., before use in the terminals or any node connected to these networks.
Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.
When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.
Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

November 2, 2023: Initial Publication

Red Lion Crimson

Written by on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Red Lion
Equipment: FlexEdge Gateway, DA50A, DA70A running Crimson
Vulnerability: Improper Neutralization of Null Byte or NUL Character

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to truncate passwords configured by the Crimson configuration tool which could create weaker than intended credentials.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Red Lion products are affected:

Crimson: v3.2.0053.18 or prior

3.2 Vulnerability Overview

3.2.1 IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.

CVE-2023-5719 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Multiple Sectors
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Alexander Ratelle of Hepburn Engineering Inc, reported this vulnerability to Red Lion.

4. MITIGATIONS

Red Lion recommends updating the Crimson configuration tool to version 3.2.0063 or later by using the automatic update feature or visiting the Red Lion website.

Any existing or new accounts created should refrain from using the percent (%) character in the configured password in versions 3.2.0053.18 or below.

For more information refer to Red Lion’s security advisory RLCSIM-2023-04.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

November 2, 2023: Initial Publication