DHS

Category Added in a WPeMatico Campaign

There are 849 posts filed in DHS (this is page 72 of 85).

Sielco PolyEco FM Transmitter

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v3 9.8
  • ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
  • Vendor: Sielco
  • Equipment: PolyEco1000
  • Vulnerabilities: Session Fixation, Improper Restriction of Excessive Authentication Attempts, Improper Access Control

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, access restricted pages, or hijack sessions.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Sielco PolyEco1000, a FM transmitter, are affected:

  • PolyEco1000: CPU:2.0.6 FPGA:10.19
  • PolyEco1000: CPU:1.9.4 FPGA:10.19
  • PolyEco1000: CPU:1.9.3 FPGA:10.19
  • PolyEco500: CPU:1.7.0 FPGA:10.16
  • PolyEco300: CPU:2.0.2 FPGA:10.19
  • PolyEco300: CPU:2.0.0 FPGA:10.19

3.2 Vulnerability Overview

3.2.1 SESSION FIXATION CWE-384

Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.

CVE-2023-0897 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.2 IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307

Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

CVE-2023-5754 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

3.2.3 IMPROPER ACCESS CONTROL CWE-284

Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.

CVE-2023-46661 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.4 IMPROPER ACCESS CONTROL CWE-284

Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.

CVE-2023-46662 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.5 IMPROPER ACCESS CONTROL CWE-284

Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.

CVE-2023-46663 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.6 IMPROPER ACCESS CONTROL CWE-284

Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

CVE-2023-46664 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.7 IMPROPER ACCESS CONTROL CWE-284

Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.

CVE-2023-46665 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Communications
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Italy

3.4 RESEARCHER

CISA discovered a public proof of concept as authored by Gjoko Krstic of ZeroScience.

4. MITIGATIONS

Sielco has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of Sielco PolyEco FM Transmitter are invited to contact Sielco customer support for additional information.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

5. UPDATE HISTORY

  • October 26, 2023: Initial Publication

Rockwell Automation FactoryTalk View Site Edition

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v3 7.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Rockwell Automation
  • Equipment: FactoryTalk View Site Edition
  • Vulnerability: Improper Input Validation

2. RISK EVALUATION

Successful exploitation of this vulnerability could cause the product to become unavailable and require a restart to recover resulting in a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Rockwell Automation reports that the following versions of FactoryTalk View Site Edition are affected:

  • FactoryTalk View Site Edition: V11.0

3.2 Vulnerability Overview

3.2.1 IMPROPER INPUT VALIDATION CWE-20

FactoryTalk View Site Edition V11.0 insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.

CVE-2023-46289 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Rockwell Automation reported this vulnerability to CISA.

4. MITIGATIONS

Rockwell Automation has provided patches for these versions v11.0 & v12.0 & v13.0.

Rockwell Automation encourages users of the affected software to apply the risk mitigations if possible. Additionally, they encourage users to implement their suggested security best practices to minimize the risk

For more information, see Rockwell Automation’s security advisory.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

 

5. UPDATE HISTORY

  • October 26, 2023: Initial Publication

Mozilla Releases Security Advisories for Multiple Products

Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Mozilla advisories for more information and apply the necessary updates:

Rockwell Automation Stratix 5800 and Stratix 5200

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v3 10.0
  • ATTENTION: Exploitable remotely/low attack complexity/known public exploitation
  • Vendor: Rockwell Automation
  • Equipment: Stratix 5800 and Stratix 5200
  • Vulnerabilities: Unprotected Alternate Channel

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthenticated attacker to take control of the affected system.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Stratix products and the contained Cisco IOS software are affected:

  • Stratix 5800 (running Cisco IOS XE Software with the Web UI feature enabled): All versions
  • Stratix 5200 (running Cisco IOS XE Software with the Web UI feature enabled): All versions

3.2 Vulnerability Overview

3.2.1 UNPROTECTED ALTERNATE CHANNEL CWE-420

Rockwell Automation is aware of active exploitation of a previously unknown vulnerability in the web user interface feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated threat actor to create an account on a vulnerable system with privilege level 15 access. The threat actor could then potentially use that account to gain control of the affected system.

CVE-2023-20198 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United states

3.4 RESEARCHER

Rockwell Automation reported this vulnerability to CISA.

4. MITIGATIONS

Rockwell Automation strongly encourages users to follow guidance disabling Stratix HTTP servers on all internet-facing systems.

  • To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature.
  • When implementing access controls for these services, be sure to review the controls because there is the potential for an interruption in production services.
  • Cisco Talos has provided Indicators of Compromise and Snort rules that can be found here.

For more information, see Rockwell Automation’s Security Advisory.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

5. UPDATE HISTORY

  • October 24, 2023: Initial Publication

CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI).

The guidance now notes that Cisco has fixed these vulnerabilities for the 17.9 Cisco IOS XE software release train with the 17.9.4a update. According to Cisco’s Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature, fixes are still to be determined for the following Cisco IOS XE software release trains: 17.6, 17.3, 16.12 (Catalyst 3650 and 3850 only). CISA urges organizations with the 17.9 Cisco IOS XE software release train to immediately update to the 17.9.4a release.

CISA urges organizations to review:

CISA has added CVE-2023-20198 and CVE-2023-20273 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.

Note: The Cisco Security Advisory initially pointed to another vulnerability as part of this activity. However, as stated in the Cisco Talos blog, Cisco has since determined that the vulnerability “CVE-2021-1435 that had previously been mentioned is no longer assessed to be associated with this activity.”