Peter Cheng

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. (affected versions not specified) Description: An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are executed in the user context. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SIMATIC S7-PLCSIM versions V16 through V17 SIMATIC STEP 7 Safety versions V16 through V19 SIMATIC STEP 7 versions V16 through V19 SIMATIC WinCC Unified versions V16 through V19 SIMATIC WinCC versions V16 through V19 SIMOCODE ES versions V16 through V19 SIMOTION SCOUT TIA versions V5.4 SP1 through V5.6 SP1 SINAMICS Startdrive versions V16 through V19 SIRIUS Safety ES versions V17 through V19 SIRIUS Soft Starter ES versions V17 through V19 TIA Portal Cloud versions V16 through V19 Description: The affected products do not properly sanitize user-controllable input when parsing log files, which could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This issue is related to deficiencies in the deserialization mechanism. Exploitation of this issue may allow an attacker to execute arbitrary code. Recommendations: For SIMATIC S7-PLCSIM versions V16 through V17, update to a patched version. For SIMATIC STEP 7 Safety versions V16 through V19, update to a patched version. For SIMATIC STEP 7 versions V16 through V19, update to a patched version. For SIMATIC WinCC Unified versions V16 through V19, update to a patched version. For SIMATIC WinCC versions V16 through V19, update to a patched version. For SIMOCODE ES versions V16 through V19, update to a patched version. For SIMOTION SCOUT TIA versions V5.4 SP1 through V5.6 SP1, update to a patched version. For SINAMICS Startdrive versions V16 through V19, update to a patched version. For SIRIUS Safety ES versions V17 through V19, update to a patched version. For SIRIUS Soft Starter ES versions V17 through V19, update to a patched version. For TIA Portal Cloud versions V16 through V19, update to a patched version. As a temporary workaround, consider restricting access to log file parsing functionality until a patch is available.

Name of the Vulnerable Software and Affected Versions: SIMATIC S7-PLCSIM versions 17 through 18 SIMATIC STEP 7 Safety versions 17 through 19 SIMATIC STEP 7 versions 17 through 19 SIMATIC WinCC Unified PC Runtime versions 18 through 19 SIMATIC WinCC Unified versions 17 through 19 SIMATIC WinCC versions 17 through 19 SIMOCODE ES versions 17 through 19 SIMOTION SCOUT TIA versions 5.4 SP3 through 5.6 SP1 SINAMICS Startdrive versions 17 through 19 SIRIUS Safety ES versions 17 through 19 SIRIUS Soft Starter ES versions 17 through 19 TIA Portal Cloud versions 17 through 19 Description: The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user. The issue is related to insufficient input validation, which may enable an attacker to execute arbitrary code. Recommendations: For SIMATIC S7-PLCSIM versions 17 through 18, consider disabling the user settings parsing functionality until a patch is available. For SIMATIC STEP 7 Safety versions 17 through 19, restrict access to the user settings configuration to minimize the risk of exploitation. For SIMATIC STEP 7 versions 17 through 19, avoid using user-controllable input in the affected settings parsing functionality until the issue is resolved. For SIMATIC WinCC Unified PC Runtime versions 18 through 19, consider implementing additional input validation measures to prevent arbitrary command execution. For SIMATIC WinCC Unified versions 17 through 19, restrict access to the user settings configuration to minimize the risk of exploitation. For SIMATIC WinCC versions 17 through 19, avoid using user-controllable input in the affected settings parsing functionality until the issue is resolved. For SIMOCODE ES versions 17 through 19, consider disabling the user settings parsing functionality until a patch is available. For SIMOTION SCOUT TIA versions 5.4 SP3 through 5.6 SP1, restrict access to the user settings configuration to minimize the risk of exploitation. For SINAMICS Startdrive versions 17 through 19, avoid using user-controllable input in the affected settings parsing functionality until the issue is resolved. For SIRIUS Safety ES versions 17 through 19, consider implementing additional input validation measures to prevent arbitrary command execution. For SIRIUS Soft Starter ES versions 17 through 19, restrict access to the user settings configuration to minimize the risk of exploitation. For TIA Portal Cloud versions 17 through 19, consider disabling the user settings parsing functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MELSEC iQ-F/iQ-R Series CPU modules (affected versions not specified) **Description** The issue allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this issue will persist while the attacker continues to attempt unauthorized login. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess SCADA versions 9.0.3 and prior **Description** The issue allows an authenticated user to disclose project names and paths from other users using API functions. **Recommendations** For Advantech WebAccess SCADA versions 9.0.3 and prior, consider restricting access to API functions until a patch is available. As a temporary workaround, limit the use of API functions that can disclose project names and paths to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Delta Industrial Automation COMMGR versions 1.12 and prior **Description** The issue is related to a stack-based buffer overflow in the Delta Industrial Automation COMMGR software. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The exploitation of this issue may enable an attacker to execute remote code. **Recommendations** For versions 1.12 and prior, update to a version that fixes the stack-based buffer overflow issue to prevent potential remote code execution. As a temporary workaround, consider restricting access to the COMMGR software until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WECON LeviStudioU versions prior to Release Build 2019-09-21 **Description** A heap-based buffer overflow issue exists when processing project files. Opening a specially crafted project file could allow an attacker to execute code under the privileges of the application. **Recommendations** For versions prior to Release Build 2019-09-21, consider avoiding the use of project files from untrusted sources until a fix is available. As a temporary workaround, restrict access to project file processing to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LeviStudioU versions 2019-09-21 and prior **Description** Multiple buffer overflow vulnerabilities exist when the application processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. **Recommendations** For versions 2019-09-21 and prior, consider avoiding the use of project files from untrusted sources until a patch is available. As a temporary workaround, restrict the processing of project files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess versions 8.4.2 and prior **Description** A stack-based buffer overflow vulnerability is caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. This issue is related to the lack of proper input validation, allowing an attacker to potentially execute arbitrary code remotely. **Recommendations** For Advantech WebAccess versions 8.4.2 and prior, update to a version later than 8.4.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.