CWE-36: Absolute Path Traversal
Successful exploitation of this vulnerability could allow an attacker to read from the Experion controllers or SMSC S300. This exploit could be used to read files from the controller that may expose limited information from the device.
CWE-749: Exposed Dangerous Method or Function
Successful exploitation of this vulnerability could allow an attacker to modify files on Experion controllers or SMSC S300. This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered.
CWE-284 IMPROPER ACCESS CONTROL:
The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow users, including unprivileged users, to write or overwrite files.
Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone.
CWE-256: Plaintext Storage of a Password
In Automation-Direct C-MORE EA9 HMI credentials used by the platform are stored as plain text on the device.
AutomationDirect recommends that users update C-MORE EA9 HMI to V6.78
Affected versions:
CWE-121: Stack-based Buffer Overflow
In Automation-Direct C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which leads to a stack overflow. The result of this stack-based buffer overflow will lead to a denial-of-service conditions.
AutomationDirect recommends that users update C-MORE EA9 HMI to V6.78
Affected versions:
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
There is a function in Automation-Direct C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.
AutomationDirect recommends that users update C-MORE EA9 HMI to V6.78
Affected versions:
CWE-319: CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.
Softing edgeConnector: Version 3.60 and Softing edgeAggregator: Version 3.60 are affected. Update Softing edgeConnector and edgeAggregator to v3.70 or greater.
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Unitronics released an update to its Unistream Unilogic software, fixing multiple security vulnerabilities. Update ASAP to version 1.35.227 or latest version provided by Unitronics.
[Read more: New Critical Vulnerabilities in Unitronics UniStream Devices Uncovered.]
CWE-23: Relative Path Traversal
Unitronics released an update to its Unistream Unilogic software, fixing multiple security vulnerabilities. Versions affected are earlier than 1.35.227.
[Read more: New Critical Vulnerabilities in Unitronics UniStream Devices Uncovered.]
CWE-22: 'Path traversal'
Unitronics released an update to its Unistream Unilogic software, fixing multiple security vulnerabilities. Versions affected are earlier than 1.35.227.
Read More: New Critical Vulnerabilities in Unitronics UniStream Devices Uncovered
CWE-22: Path Traversal
Unitronics released an update to its Unistream Unilogic software, fixing multiple security vulnerabilities, including this remote code execution vulnerability.
[Read more: New Critical Vulnerabilities in Unitronics UniStream Devices Uncovered.]
CWE-78: 'OS Command Injection'
Unitronics released an update to its Unistream Unilogic software, fixing multiple security vulnerabilities. Versions affected are earlier than 1.35.227.
[Read more: New Critical Vulnerabilities in Unitronics UniStream Devices Uncovered.]
CWE-78: 'OS Command Injection'
Unitronics released an update to its Unistream Unilogic software, fixing multiple security vulnerabilities. Versions affected are earlier than 1.35.227.
[Read more: New Critical Vulnerabilities in Unitronics UniStream Devices Uncovered.]
CWE-259: Use of Hard-coded Password: Sensitive Information Embedded inside Devices Firmware
Unitronics released an update to its Unistream Unilogic software, fixing multiple security vulnerabilities. Versions affected are earlier than 1.35.227.
Read More: New Critical Vulnerabilities in Unitronics UniStream Devices Uncovered
CWE-287: Improper Authentication
Unitronics released an update to its Unistream Unilogic software, fixing multiple security vulnerabilities. Versions affected are earlier than 1.35.227. Update ASAP to version 1.35.227 or latest version provided by Unitronics.
Read more: New Critical Vulnerabilities in Unitronics UniStream Devices Uncovered.
CWE-77: IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION')
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could execute arbitrary commands from a remote computer.
CWE-285: IMPROPER AUTHORIZATION
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.
CWE-287:IMPROPER AUTHENTICATION
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.
CWE-77: IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION')
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.
CWE-20: Improper Input Validation
MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.
CWE-284: Improper Access Control
MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.
CWE-306: Missing Authentication for Critical Function
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.
CWE-306: Missing Authentication for Critical Function
The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication.
CWE-798: Use of Hard-coded Credentials
Multiple MachineSense devices have credentials unable to be changed by the user or administrator. Successful exploitation of this vulnerability could allow an attacker to obtain user data from devices, execute remote code on devices, or gain control over devices to perform malicious actions.
CWE-306: Missing Authentication for Critical Function
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim's browser.
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Qualcomm LDB service. The issue results from the lack of proper validation of user-supplied data prior to further processing. An attacker can leverage this vulnerability to execute code in the context of root.
Qualcomm fixed the issue in a customer-only security update on January 1st, 2024.
CWE-209: Generation of Error Message Containing Sensitive Information
The affected product responds back with an error message containing sensitive data if it receives a specific malformed request.
Rapid Software did not respond to CISA's attempts at coordination. Users of Rapid SCADA are encouraged to contact Rapid Software and keep their systems up to date.
Login