โŒ

Normal view

There are new articles available, click to refresh the page.
Before yesterdayMain stream

ESB-2023.0637 - [Win] VMware Workstation: CVSS (Max): 7.8

3 February 2023 at 03:00

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0637
           VMware Workstation update addresses an arbitrary file
                  deletion vulnerability (CVE-2023-20854)
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware Workstation
Publisher:         VMWare
Operating System:  Windows
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-20854  

Original Bulletin: 
   https://www.vmware.com/security/advisories/VMSA-2023-0003.html

Comment: CVSS (Max):  7.8 CVE-2023-20854 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: VMware
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Advisory ID: VMSA-2023-0003
CVSSv3 Range: 7.8
Issue Date: 2023-02-02
Updated On: 2023-02-02 (Initial Advisory)
CVE(s): CVE-2023-20854
Synopsis: VMware Workstation update addresses an arbitrary file deletion
vulnerability (CVE-2023-20854)

1. Impacted Products

  o VMware Workstation

2. Introduction

An arbitrary file deletion vulnerability in VMware Workstation was privately
reported to VMware. Updates are available to remediate this vulnerability in
the affected VMware product.

3. Arbitrary file deletion vulnerability (CVE-2023-20854)

Description

VMware Workstation contains an arbitrary file deletion vulnerability. VMware
has evaluated the severity of this issue to be in the Important severity range
with a maximum CVSSv3 base score of 7.8.

Known Attack Vectors

A malicious actor with local user privileges on the victim's machine may
exploit this vulnerability to delete arbitrary files from the file system of
the machine on which Workstation is installed.

Resolution

To remediate CVE-2023-20854 update to the version listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Frederik Reiter of cirosec GmbH for reporting this
issue to us.

Response Matrix

Product             Version  Running On  CVE Identifier  CVSSv3  Severity   Fixed Version  Workarounds  Additional Documentation
VMware Workstation  17.x     Windows     CVE-2023-20854  7.8     important  17.0.1         None         None

4. References

Fixed Version(s) and Release Notes:

VMware Workstation 17.0.1:
Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_workstation_pro/17_0
https://docs.vmware.com/en/VMware-Workstation-Pro/17.0.1/rn/vmware-workstation-1701-pro-release-notes/index.html

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20854

FIRST CVSSv3 Calculator:
CVE-2023-20854: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

5. Change Log

2023-02-02 VMSA-2023-0003
Initial security advisory.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2023.0636 - [SUSE] Linux Kernel: CVSS (Max): 7.0

3 February 2023 at 03:00

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0636
    Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP1)
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-3424  

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2023/suse-su-20230231-1

Comment: CVSS (Max):  7.0 CVE-2022-3424 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for
SLE 15 SP1)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2023:0231-1
Rating:            important
References:        #1204167
Cross-References:  CVE-2022-3424
Affected Products:
                   SUSE Linux Enterprise High Performance Computing 15-SP1
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
                   SUSE Linux Enterprise Server 15-SP1
                   SUSE Linux Enterprise Server for SAP Applications 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 4.12.14-197_108 fixes one issue.
The following security issue was fixed:

  o CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault()
    and gru_handle_user_call_os() that could lead to kernel panic
    (bsc#1204167).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-231=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2023-232=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-livepatch-4_12_14-197_105-default-13-150100.2.2
       kernel-livepatch-4_12_14-197_108-default-12-150100.2.2


References:

  o https://www.suse.com/security/cve/CVE-2022-3424.html
  o https://bugzilla.suse.com/1204167

- --------------------------END INCLUDED TEXT--------------------


ESB-2023.0635 - [SUSE] Linux Kernel: CVSS (Max): 7.8

3 February 2023 at 03:00

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0635
    Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2)
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-3424 CVE-2022-2602 

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2023/suse-su-20230229-1

Comment: CVSS (Max):  7.8 CVE-2022-2602 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for
SLE 15 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2023:0229-1
Rating:            important
References:        #1204167 #1205186
Cross-References:  CVE-2022-2602 CVE-2022-3424
Affected Products:
                   SUSE Linux Enterprise High Performance Computing 15-SP2
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
                   SUSE Linux Enterprise Server 15-SP2
                   SUSE Linux Enterprise Server for SAP Applications 15-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-150200_24_126 fixes several issues.
The following security issues were fixed:

  o CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault()
    and gru_handle_user_call_os() that could lead to kernel panic
    (bsc#1204167).
  o CVE-2022-2602: Fixed a local privilege escalation vulnerability involving
    Unix socket Garbage Collection and io_uring (bsc#1205186).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-228=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2023-229=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2023-230=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-livepatch-5_3_18-150200_24_115-default-10-150200.2.1
       kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-10-150200.2.1
       kernel-livepatch-5_3_18-150200_24_126-default-7-150200.2.1
       kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-7-150200.2.1
       kernel-livepatch-5_3_18-150200_24_129-default-4-150200.2.1
       kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-4-150200.2.1
       kernel-livepatch-SLE15-SP2_Update_27-debugsource-10-150200.2.1
       kernel-livepatch-SLE15-SP2_Update_29-debugsource-7-150200.2.1
       kernel-livepatch-SLE15-SP2_Update_30-debugsource-4-150200.2.1


References:

  o https://www.suse.com/security/cve/CVE-2022-2602.html
  o https://www.suse.com/security/cve/CVE-2022-3424.html
  o https://bugzilla.suse.com/1204167
  o https://bugzilla.suse.com/1205186

- --------------------------END INCLUDED TEXT--------------------


ESB-2023.0634 - [SUSE] Linux Kernel: CVSS (Max): 7.0

3 February 2023 at 03:00

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0634
    Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP1)
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-3424  

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2023/suse-su-20230227-1

Comment: CVSS (Max):  7.0 CVE-2022-3424 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for
SLE 15 SP1)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2023:0227-1
Rating:            important
References:        #1204167
Cross-References:  CVE-2022-3424
Affected Products:
                   SUSE Linux Enterprise High Performance Computing 15-SP1
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
                   SUSE Linux Enterprise Server 15-SP1
                   SUSE Linux Enterprise Server for SAP Applications 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 4.12.14-150100_197_123 fixes one issue.
The following security issue was fixed:

  o CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault()
    and gru_handle_user_call_os() that could lead to kernel panic
    (bsc#1204167).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-227=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-livepatch-4_12_14-150100_197_123-default-3-150100.2.1


References:

  o https://www.suse.com/security/cve/CVE-2022-3424.html
  o https://bugzilla.suse.com/1204167

- --------------------------END INCLUDED TEXT--------------------


ESB-2023.0633 - [Win][Linux] Jira Service Management Server and Data Center: CVSS (Max): None

3 February 2023 at 03:00

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0633
 Jira Service Management Server and Data Center Advisory (CVE-2023-22501)
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Jira Service Management Server
                   Jira Service Management Data Center
Publisher:         Atlassian
Operating System:  Windows
                   Linux variants
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-22501  

Original Bulletin: 
   https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-2023-02-01-1188786458.html

Comment: CVSS (Max):  None available when published

- --------------------------BEGIN INCLUDED TEXT--------------------

+----------------+------------------------------------------------------------+
|    Summary     |CVE-2023-22501 - Broken Authentication vulnerability in Jira|
|                |Service Management                                          |
+----------------+------------------------------------------------------------+
|Advisory Release|01 February 2023 10:00 AM PDT (Pacific Time, -7 hours)      |
|      Date      |                                                            |
+----------------+------------------------------------------------------------+
|                |  o Jira Service Management Server                          |
|    Product     |                                                            |
|                |  o Jira Service Management Data Center                     |
+----------------+------------------------------------------------------------+
|   CVE ID(s)    |CVE-2023-22501                                              |
+----------------+------------------------------------------------------------+

Summary of Vulnerability

This advisory discloses a critical severity security vulnerability which was
introduced in version 5.3.0 of Jira Service Management Server and Data Center.
The following versions are affected by this vulnerability:

  o 5.3.0
  o 5.3.1
  o 5.3.2
  o 5.4.0
  o 5.4.1
  o 5.5.0

An authentication vulnerability was discovered in Jira Service Management
Server and Data Center which allows an attacker to impersonate another user and
gain access to a Jira Service Management instance under certain circumstances.
With write access to a User Directory and outgoing email enabled on a Jira
Service Management instance, an attacker could gain access to signup tokens
sent to users with accounts that have never been logged into. Access to these
tokens can be obtained in two cases:

  o If the attacker is included on Jira issues or requests with these users, or
  o If the attacker is forwarded or otherwise gains access to emails containing
    a "View Request" link from these users.

Bot accounts are particularly susceptible to this scenario. On instances with
single sign-on, external customer accounts can be affected in projects where
anyone can create their own account.


The issue can be tracked here: JSDSERVER-12312.

+-----------------------------------------------------------------------------+
|Atlassian Cloud sites are not affected.                                      |
|                                                                             |
|If your Jira site is accessed via an atlassian.net domain, it is hosted by   |
|Atlassian and you are not affected by the vulnerability.                     |
+-----------------------------------------------------------------------------+

Severity

Atlassian rates the severity level of this vulnerability as critical, according
to the scale published in our Atlassian severity levels. The scale allows us to
rank the severity as critical, high, moderate or low.

This is our assessment and you should evaluate its applicability to your own IT
environment.

Affected Versions

Jira Service Management Server and Data Center versions 5.3.0 to 5.3.1 and
5.4.0 to 5.5.0 are affected by this vulnerability.

+----------------------------------------------+-----------------+
|                   Product                    |Affected Versions|
+----------------------------------------------+-----------------+
|                                              |  o 5.3.0        |
|                                              |                 |
|                                              |  o 5.3.1        |
|                                              |                 |
|                                              |  o 5.3.2        |
|Jira Service Management Server and Data Center|                 |
|                                              |  o 5.4.0        |
|                                              |                 |
|                                              |  o 5.4.1        |
|                                              |                 |
|                                              |  o 5.5.0        |
+----------------------------------------------+-----------------+

Fixed Versions

+----------------------------------------------+------------------+
|                   Product                    |  Fixed Versions  |
+----------------------------------------------+------------------+
|                                              |  o 5.3.3         |
|                                              |                  |
|                                              |  o 5.4.2         |
|Jira Service Management Server and Data Center|                  |
|                                              |  o 5.5.1         |
|                                              |                  |
|                                              |  o 5.6.0 or later|
+----------------------------------------------+------------------+

What You Need to Do

Atlassian recommends that you upgrade each of your affected installations to
one of the listed fixed versions (or any later version) above (see the "Fixed
Versions" section of this page for details). For a full description of the
latest version of Jira Service Management Server and Data Center, see the
release notes. You can download the latest version of Jira Service Management
and Data Center from the download center. For Frequently Asked Questions (FAQ),
click here.

Mitigation

Installing a fixed version of Jira Service Management is the recommended way to
remediate this vulnerability. If you are unable to immediately upgrade Jira
Service Management, you can manually upgrade the version-specific
servicedesk-variable-substitution-plugin JAR file as a temporary workaround.

+-----------------+-----------------------------------------------------------+
|  Jira Service   |                                                           |
|   Management    |                         JAR File                          |
|    Versions     |                                                           |
+-----------------+-----------------------------------------------------------+
|5.5.0            |servicedesk-variable-substitution-plugin-5.5.1-REL-0005.jar|
+-----------------+-----------------------------------------------------------+
|5.4.0, 5.4.1     |servicedesk-variable-substitution-plugin-5.4.2-REL-0005.jar|
+-----------------+-----------------------------------------------------------+
|5.3.0, 5.3.1,    |servicedesk-variable-substitution-plugin-5.3.3-REL-0001.jar|
|5.3.2            |                                                           |
+-----------------+-----------------------------------------------------------+

To update the servicedesk-variable-substitution-plugin JAR file:

 1. Download the version-specific JAR file from the table above.
 2. Stop Jira.
 3. Copy the JAR file into your Jira home directory.

     1. For Server: /plugins/installed-plugins

     2. For Data Center: /plugins/installed-plugins
 4. Start Jira.
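A check an inventory script can run to decide whether an instance is still exposed to CVE-2023-22501 after this procedure: added example code, not Atlassian's, built from the affected and fixed versions in the tables above and from the version-specific naming of the workaround JAR. The Jira version string and the plugin-directory listing are constructed inputs; a real run would read them from the instance and from the installed-plugins directory named in step 3.

```python
"""Remediation state for CVE-2023-22501 (added example, not Atlassian code).

Version boundaries and the workaround JAR naming come from the advisory above.
"""
import re

# The vulnerability was introduced in 5.3.0; each affected branch has a fixed
# release, and 5.6.0 or later is fixed as well.
INTRODUCED = (5, 3, 0)
FIRST_FIXED = {(5, 3): (5, 3, 3), (5, 4): (5, 4, 2), (5, 5): (5, 5, 1)}
FIXED_FROM = (5, 6, 0)

# The workaround JAR carries the fixed branch version in its file name, e.g.
# servicedesk-variable-substitution-plugin-5.4.2-REL-0005.jar
PLUGIN_JAR = re.compile(
    r"servicedesk-variable-substitution-plugin-(\d+)\.(\d+)\.(\d+)-REL-\d+\.jar")


def parse_version(text):
    """'5.4.1' -> (5, 4, 1); tuples compare correctly, unlike strings."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Jira version {text!r}")
    return tuple(int(x) for x in m.groups())


def workaround_plugin_versions(installed_plugins):
    """Versions of any workaround JARs among the given plugin file names."""
    found = []
    for name in installed_plugins:
        m = PLUGIN_JAR.fullmatch(name)
        if m:
            found.append(tuple(int(x) for x in m.groups()))
    return found


def assess(version, installed_plugins):
    """Return 'not affected', 'fixed', 'workaround applied' or 'vulnerable'."""
    v = parse_version(version)
    if v < INTRODUCED:
        return "not affected"
    if v >= FIXED_FROM:
        return "fixed"
    branch_fix = FIRST_FIXED[v[:2]]  # every 5.3.x to 5.5.x branch has a fix
    if v >= branch_fix:
        return "fixed"
    # Affected release: the advisory's workaround is the version-specific JAR,
    # so accept only a plugin from the same branch at or above the fixed version.
    for pv in workaround_plugin_versions(installed_plugins):
        if pv[:2] == v[:2] and pv >= branch_fix:
            return "workaround applied"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed listing of an installed-plugins directory on a 5.4.1 instance
    # after step 3 above has been carried out.
    listing = ["some-other-plugin-1.0.0.jar",
               "servicedesk-variable-substitution-plugin-5.4.2-REL-0005.jar"]
    print("5.4.1 with JAR:", assess("5.4.1", listing))
    print("5.4.1 without:", assess("5.4.1", []))
    print("5.6.0:", assess("5.6.0", []))
```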

Detection

Atlassian cannot confirm if your instance has been affected by this
vulnerability, but there are some steps you can follow to investigate your
instances for potential unauthorized access. You can see the detailed steps
outlined on the Frequently Asked Questions (FAQ) page here.

Last modified on Feb 1, 2023

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBY9xh/MkNZI30y1K9AQjP3w//dUIW42s2vNhxiV1evheGviXOwcPlAVPl
J4Ocq6YRjs1x5DnnskO0dBAsUJ4/kdLds4ClbUNRlw2ffo6poZK8Q6pK5fTLMlaH
Swm+bMza8Qg3RSE7ATEsWL3b0TCtaDYnFAGiCyWUhioZS598C5+lECEdbGmgKA0O
xdzIiYK0Gqo16d0PNBwVUvYphXj06DbLh338mPJNIhdV4oIxFpKLHJNy+k0Bwqxp
LGmtEotZvTjbblwBmVWztfrc35/uXV1WkSRJoWWGRuz+lmjuOWkzZxdJBFN0QVil
M6JBHEqG3xEtiGmSGYSvBHS8NpI+QuwGQzw1cCiPThq28HTKFGdjCaT5fqZX3MT5
6TzEQ+CeEaHEjsu3E7Hr961zUJtUDl+2iBNsjyZSUIKs9/Ay9sQ8o3SnB6Ib2SYM
E0X/rtCVettfU7liKJ6k6f1UNjuRKO8VrcNLFbBjS4LEFiMzBJ/AuD9fpUQErkVw
M+ZgbzWUTTd4EQ6nwZt9pKBj17Yzz5lTheSpng1SbTcJ/GgO8ukTyyROsNRasWB0
SOnwgex+9ZZvuPEMT+x34Q15DdJqdJVvt/n6TZFORV0pg/f494HGDCKtrpYLwJQh
EuXl9ENwhSNz+sNj9+Ah5S9cJmaiXYIXQxANo+nu/BUqTERQmTahHqqPp2N9o/tz
+17a2ZlDygo=
=/e5O
-----END PGP SIGNATURE-----

ESB-2023.0632 - [Linux][AIX] WebSphere Application Server Patterns: CVSS (Max): 6.5

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0632
Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application
        Server October 2022 CPU that is bundled with IBM WebSphere
                        Application Server Patterns
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           WebSphere Application Server Patterns
Publisher:         IBM
Operating System:  Linux variants
                   AIX
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-21628 CVE-2022-21626 CVE-2022-21624
                   CVE-2022-21619 CVE-2022-3676 

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6912697

Comment: CVSS (Max):  6.5 CVE-2022-3676 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM
WebSphere Application Server October 2022 CPU that is bundled with IBM
WebSphere Application Server Patterns

Document Information

Document number    : 6912697
Modified date      : 01 February 2023
Product            : WebSphere Application Server Patterns
Component          : -
Software version   : Version Independent
Operating system(s): Linux
                     AIX

Security Bulletin


Summary

IBM WebSphere Application Server is shipped as a component of IBM WebSphere
Application Server Patterns. There are multiple vulnerabilities in the IBM SDK
Java Technology Edition that is shipped with IBM WebSphere Application Server.
These issues were disclosed in the IBM Java SDK updates in October 2022.
Information about security vulnerabilities affecting IBM WebSphere Application
Server Patterns has been published and is referenced in this security bulletin.

Vulnerability Details

CVEID: CVE-2022-21628
DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in
the Lightweight HTTP Server. By sending a specially-crafted request, a remote
attacker could exploit this vulnerability to cause a denial of service
condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238623
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2022-21626
DESCRIPTION: An unspecified vulnerability in Java SE related to the Security
component could allow an unauthenticated attacker to cause a denial of service
resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238689
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2022-21624
DESCRIPTION: An unspecified vulnerability in Java SE related to the Security
component could allow an unauthenticated attacker to update, insert or delete
data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238699
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2022-21619
DESCRIPTION: An unspecified vulnerability in Java SE related to the Security
component could allow an unauthenticated attacker to update, insert or delete
data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238698
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2022-3676
DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security
restrictions, caused by improper runtime type check by the interface calls. By
sending a specially-crafted request using bytecode, an attacker could exploit
this vulnerability to access or modify memory.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239608
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

IBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0
through 1.0.0.7 and 2.2.0.0 through 2.3.3.5.


Remediation/Fixes

Please see the Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere
Application Server and IBM WebSphere Application Server Liberty due to the
October 2022 CPU to determine which IBM WebSphere Application Server versions
are affected and to obtain the JDK fixes. The interim fix
1.0.0.0-WS-WASPATTERNS-JDK-2210 can be used to apply the April and July 2022
SDK iFixes in a PureApplication or Cloud Pak System Environment.

Download and apply the interim fix 1.0.0.0-WS-WASPATTERNS-JDK-2210.

Workarounds and Mitigations

None

IBM Java SDK Security Bulletin

Change History

1 Feb 2023: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to
address potential vulnerabilities, IBM periodically updates the record of
components contained in our product offerings. As part of that effort, if IBM
identifies previously unidentified packages in a product/service inventory, we
address relevant vulnerabilities regardless of CVE date. Inclusion of an older
CVEID does not demonstrate that the referenced product has been used by IBM
since that date, nor that IBM was aware of a vulnerability as of that date. We
are making clients aware of relevant vulnerabilities as we become aware of
them. "Affected Products and Versions" referenced in IBM Security Bulletins are
intended to be only products and versions that are supported by IBM and have
not passed their end-of-support or warranty date. Thus, failure to reference
unsupported or extended-support products and versions in this Security Bulletin
does not constitute a determination by IBM that they are unaffected by the
vulnerability. Reference to one or more unsupported versions in this Security
Bulletin shall not create an obligation for IBM to provide fixes for any
unsupported or extended-support products or versions.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----

ESB-2023.0631 - [Win][Linux][IBM i][AIX] IBM MQ: CVSS (Max): 6.2

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0631
             IBM MQ is affected by FasterXML jackson-databind
             vulnerabilities (CVE-2022-42003, CVE-2022-42004)
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM MQ
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Linux on IBM Z Systems
                   IBM i
                   Windows
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-42004 CVE-2022-42003 

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6952181

Comment: CVSS (Max):  6.2 CVE-2022-42004 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM MQ is affected by FasterXML jackson-databind
vulnerabilities (CVE-2022-42003, CVE-2022-42004)

Document Information

Document number    : 6952181
Modified date      : 02 February 2023
Product            : IBM MQ
Component          : -
Software version   : 9.2.0, 9.3.0
Operating system(s): AIX
                     Linux
                     Linux on IBM Z Systems
                     IBM i
                     Windows

Security Bulletin


Summary

Multiple issues were identified with the Jackson library that is used within
the IBM MQ Console to provide REST API functionality.

Vulnerability Details

CVEID: CVE-2022-42003
DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service,
caused by a lack of a check in the primitive value deserializers when the
UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted
request using deep wrapper array nesting, a local attacker could exploit this
vulnerability to exhaust all available resources.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237662
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-42004
DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service,
caused by a lack of a check in the BeanDeserializer._deserializeFromArray
function. By sending a specially-crafted request using deeply nested arrays, a
local attacker could exploit this vulnerability to exhaust all available
resources.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237660
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
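
Both descriptions above name the same failure mode: a recursive deserializer that follows array nesting without bounding it, so a request that is mostly `[` characters costs the server a stack frame per level. The remedy in this bulletin is the fix pack, and the guard below is an added example (not IBM MQ or FasterXML code) of the defence-in-depth check a practitioner can place at a request boundary in front of any JSON deserializer: a single-pass, constant-memory scan that rejects documents whose nesting exceeds a limit before the bytes reach a parser. The limit of 100 is an assumed policy value, and the sample request bodies are constructed.

```python
"""Pre-parse nesting guard for JSON request bodies.
Added example, not IBM MQ or jackson-databind code; MAX_DEPTH is an assumed
policy limit, not a value taken from either product."""
import json

MAX_DEPTH = 100  # assumed limit; pick one above anything your clients send


class NestingTooDeep(ValueError):
    """Raised before parsing when array/object nesting exceeds the limit."""


def max_nesting_depth(data: bytes, limit: int = MAX_DEPTH) -> int:
    """Return the deepest '[' / '{' nesting in a JSON document.

    One pass over the raw bytes with O(1) memory: brackets inside string
    literals are skipped (backslash escapes honoured), and scanning stops
    as soon as `limit` is exceeded, so a multi-megabyte '[[[[...' costs
    neither recursion nor allocation. Unbalanced input is not diagnosed
    here; that is left to the real parser.
    """
    depth = max_depth = 0
    in_string = escaped = False
    for b in data:
        if in_string:
            if escaped:
                escaped = False
            elif b == 0x5C:          # backslash starts an escape
                escaped = True
            elif b == 0x22:          # unescaped quote ends the string
                in_string = False
            continue
        if b == 0x22:                # quote starts a string
            in_string = True
        elif b in (0x5B, 0x7B):      # '[' or '{'
            depth += 1
            if depth > limit:
                raise NestingTooDeep(f"nesting exceeds {limit}")
            max_depth = max(max_depth, depth)
        elif b in (0x5D, 0x7D):      # ']' or '}'
            depth -= 1
    return max_depth


def safe_loads(data: bytes, limit: int = MAX_DEPTH):
    """Bound nesting first, then hand the document to the real parser."""
    max_nesting_depth(data, limit)
    return json.loads(data)


def demo() -> dict:
    """Constructed inputs: a normal request body whose only deep brackets sit
    inside a string, and a 100,000-level wrapper-array payload of the kind
    the CVE descriptions mention."""
    benign = b'{"queue": [1, 2, {"name": "[[[ not nesting ]]]"}]}'
    hostile = b"[" * 100_000 + b"1" + b"]" * 100_000
    result = {
        "benign_depth": max_nesting_depth(benign),
        "benign_parsed": safe_loads(benign)["queue"][2]["name"],
    }
    try:
        safe_loads(hostile)
        result["hostile_rejected"] = False
    except NestingTooDeep:
        result["hostile_rejected"] = True
    # Without the guard, CPython's recursive decoder gives up with a
    # RecursionError; a decoder lacking that check would fail less gracefully.
    try:
        json.loads(hostile)
        result["unguarded_recursion_error"] = False
    except RecursionError:
        result["unguarded_recursion_error"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The guard rejects the hostile body after reading 101 bytes, whereas the unguarded `json.loads` has to walk the whole document before it fails. The check complements the fix pack rather than replacing it: the REST API and Console still need the corrected jackson-databind for payloads that pass the depth limit.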

Affected Products and Versions

+--------------------+----------+
|Affected Product(s) |Version(s)|
+--------------------+----------+
|IBM MQ              |9.2 CD    |
+--------------------+----------+
|IBM MQ              |9.3 CD    |
+--------------------+----------+
|IBM MQ              |9.3 LTS   |
+--------------------+----------+

The following installable MQ components are affected by the vulnerability:
o REST API and Console

If you are running any of these listed components, please apply the
remediation/fixes as described below. For more information on the definitions
of components used in this list see
https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins

Remediation/Fixes

This issue was resolved under APAR IT42344.

IBM MQ Version 9.3 LTS

Apply fix pack 9.3.0.2

IBM MQ version 9.2 CD and 9.3 CD

Upgrade to IBM MQ 9.3.1 and apply cumulative security update 9.3.1.1

Workarounds and Mitigations

None

Change History

02 Feb 2023: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to
address potential vulnerabilities, IBM periodically updates the record of
components contained in our product offerings. As part of that effort, if IBM
identifies previously unidentified packages in a product/service inventory, we
address relevant vulnerabilities regardless of CVE date. Inclusion of an older
CVEID does not demonstrate that the referenced product has been used by IBM
since that date, nor that IBM was aware of a vulnerability as of that date. We
are making clients aware of relevant vulnerabilities as we become aware of
them. "Affected Products and Versions" referenced in IBM Security Bulletins are
intended to be only products and versions that are supported by IBM and have
not passed their end-of-support or warranty date. Thus, failure to reference
unsupported or extended-support products and versions in this Security Bulletin
does not constitute a determination by IBM that they are unaffected by the
vulnerability. Reference to one or more unsupported versions in this Security
Bulletin shall not create an obligation for IBM to provide fixes for any
unsupported or extended-support products or versions.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBY9xh28kNZI30y1K9AQjPLw/+Kn6uAVUKVgYPafZaYzmdqnD2+m0fJN+w
+3UlzKzxKLrbbY6ly8h+EZQwCm3vd9p5ZqTN0XrVXmqoHF79qCt3eQzhltO3Tm4g
mG+UL5GFoZ8xvH7qmxDr/ByiMSyflV3RfR5Q69xzEzN+8eG2LdmggrHOnv8IMMpE
8Ros8HMIBcQisX5qS4qlyb4uYP/SZmqEOt0cdszEgip4t7KoW7XocmNRC4KLtEW/
RQPprqoweMFyhn+7H7sBZNygSiKy0CkVFa8DxHBDEpcAem+nzj6TXX9IO+yzWQMR
ffyu2oVSYeD93pt8HnYVdF7livvrkeld0TdnTTYQI7cklV2s3NjFwPW2hlPT2VJL
U+UDE/hmOTGDC18sWe5cQlM43rv+trA//dAc2Viis4meYgXy68fEmtQhSop6xl25
LCbrRa8Ug/n4roZWa+FNy2XjfQCtLsE13gpoasMzQnTddz/EgdxYQvizdSttV2KI
0+SAJcEeQjyvEyEaQXb5qJ2fqoiXZ5afmYuHkTcC1LmQ1K7VqFFAxGKb8psB4DcE
JmkDfQpiZ04KYZkjg/wOTQU+oxJWkuQeyR1Ps3wUYhoa5v2R7pfRUTfE60Fzat2Q
TZ3Z5Vzduddpqe0kCEJ5Di6pNV55mZyZKzLcJBU5ZiSXxeXpJqOmZuxmhW2KntqN
/KuG4EAxFz8=
=Jhf8
-----END PGP SIGNATURE-----

ESB-2023.0630 - [Win][Linux][IBM i][Solaris] IBM MQ: CVSS (Max): 4.0

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0630
 IBM MQ Managed File Transfer could allow a local user to obtain sensitive
            information from diagnostic files. (CVE-2022-42436)
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM MQ
Publisher:         IBM
Operating System:  Linux variants
                   Solaris
                   IBM i
                   Windows
                   Linux on IBM Z Systems
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-42436  

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6909467

Comment: CVSS (Max):  4.0 CVE-2022-42436 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM MQ Managed File Transfer could allow a local user to
obtain sensitive information from diagnostic files. (CVE-2022-42436)

Document Information

Document number    : 6909467
Modified date      : 02 February 2023
Product            : IBM MQ
Component          : Managed File Transfer
Software version   : 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0
Operating system(s): Linux
                     Solaris
                     IBM i
                     AIX
                     Windows
                     Linux on IBM Z Systems

Security Bulletin


Summary

An issue was identified with IBM MQ Managed File Transfer where sensitive
information was printed within diagnostics files.

Vulnerability Details

CVEID: CVE-2022-42436
DESCRIPTION: IBM MQ Managed File Transfer could allow a local user to obtain
sensitive information from diagnostic files.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238206
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

+--------------------+----------+
|Affected Product(s) |Version(s)|
+--------------------+----------+
|IBM MQ              |8.0       |
+--------------------+----------+
|IBM MQ              |9.0 LTS   |
+--------------------+----------+
|IBM MQ              |9.1 CD    |
+--------------------+----------+
|IBM MQ              |9.1 LTS   |
+--------------------+----------+
|IBM MQ              |9.2 CD    |
+--------------------+----------+
|IBM MQ              |9.2 LTS   |
+--------------------+----------+
|IBM MQ              |9.3 CD    |
+--------------------+----------+
|IBM MQ              |9.3 LTS   |
+--------------------+----------+

The following installable MQ components are affected by the vulnerability:
o Managed File Transfer

If you are running any of these listed components, please apply the
remediation/fixes as described below. For more information on the definitions
of components used in this list see
https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins

Remediation/Fixes

This issue was resolved under APAR IT42204.

IBM MQ version 8.0

Apply iFix for APAR IT42204

IBM MQ Version 9.0 LTS

Apply CSU 9.0.0.14

IBM MQ Version 9.1 LTS

Apply CSU 9.1.0.13

IBM MQ Version 9.2 LTS

Apply FixPack 9.2.0.7

IBM MQ Version 9.3 LTS

Apply FixPack 9.3.0.2

IBM MQ 9.1 CD and IBM MQ 9.2 CD and IBM MQ 9.3 CD

Upgrade to IBM MQ 9.3.1.1

Workarounds and Mitigations

None

Change History

01 Feb 2023: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to
address potential vulnerabilities, IBM periodically updates the record of
components contained in our product offerings. As part of that effort, if IBM
identifies previously unidentified packages in a product/service inventory, we
address relevant vulnerabilities regardless of CVE date. Inclusion of an older
CVEID does not demonstrate that the referenced product has been used by IBM
since that date, nor that IBM was aware of a vulnerability as of that date. We
are making clients aware of relevant vulnerabilities as we become aware of
them. "Affected Products and Versions" referenced in IBM Security Bulletins are
intended to be only products and versions that are supported by IBM and have
not passed their end-of-support or warranty date. Thus, failure to reference
unsupported or extended-support products and versions in this Security Bulletin
does not constitute a determination by IBM that they are unaffected by the
vulnerability. Reference to one or more unsupported versions in this Security
Bulletin shall not create an obligation for IBM to provide fixes for any
unsupported or extended-support products or versions.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBY9xh0skNZI30y1K9AQhYYg/+K9OunnY7wSV0uMSxi+gebxgh3dUD7oKv
wfmh5PdoLC94FCmwxQZFy0jpQ2aFeO0FaDJKaTvOasSzHxyyIVm5intVgD8vid+z
lceQnQ82sO/Y67KSMD6TWsI0dDEtGQqZUNjd0x2A/bE5xDwoigTSJYschW5gVgwB
y6+RoCsotlaMQotM6Q7g4mClfi6DUrRSmUqzhcIQa322bZc3vD6TYBOdIC0sMgX4
EtN/Iu6BfoC4ZlmVN1hYdiij7PaAIdao0pBCv99Y163v2a7ewA5i9Nxa8Y7PStdk
t4GYf+Q+6Haq2lFK5j/OvDNUgj69suk1IuCQakYcAZE3g9S9vFl40Ybh9iP/8FKU
NCrxlgQQnSaZX08CG7ujz0uxL4wEs5RBAjPsA2zBp1UEz5CRrM3gLXmf/pvNVlNn
PhWm970Hs7+l9lGfE1yUVsTzsukxkBJ8L3DXv4ajCZg792kXJBBQRTDpUjMeZVPZ
iNYhmbvledJHq8GWbuPVt4FEME9tPEjzNoS9zOfMGi0j+bDCqhyz12cWNZo3keUe
//f9N7ivroFiBKsNmUpqgsSsRrQLVQvm+HHuEKo0NOFqt4SfzBwqZRCcRAkOaoSR
PSoeas1Gqnzy0C90wx0dJ2qfGqlrjCS98gCcDCVgqwFco52rPITljTPkjDD6MLac
xlTt7cPVGug=
=Z9oy
-----END PGP SIGNATURE-----

ESB-2023.0629 - [Ubuntu] Long Range ZIP: CVSS (Max): 9.8

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0629
                USN-5840-1: Long Range ZIP vulnerabilities
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Long Range ZIP
Publisher:         Ubuntu
Operating System:  Ubuntu
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-28044 CVE-2022-26291 CVE-2021-27347
                   CVE-2021-27345 CVE-2020-25467 CVE-2018-5786

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-5840-1

Comment: CVSS (Max):  9.8 CVE-2022-28044 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-5840-1: Long Range ZIP vulnerabilities

2 February 2023

Several security issues were fixed in Long Range ZIP.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and
Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

  o Ubuntu 22.10
  o Ubuntu 22.04 LTS
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 ESM
  o Ubuntu 14.04 ESM

Packages

  o lrzip - compression program with a very high compression ratio

Details

It was discovered that Long Range ZIP incorrectly handled pointers. If
a user or an automated system were tricked into opening a certain
specially crafted ZIP file, an attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 14.04 ESM,
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. ( CVE-2020-25467 )

It was discovered that Long Range ZIP incorrectly handled pointers. If
a user or an automated system were tricked into opening a certain
specially crafted ZIP file, an attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. ( CVE-2021-27345 , CVE-2021-27347 )

It was discovered that Long Range ZIP incorrectly handled pointers. If
a user or an automated system were tricked into opening a certain
specially crafted ZIP file, an attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. ( CVE-2022-26291 )

It was discovered that Long Range ZIP incorrectly handled memory allocation,
which could lead to a heap memory corruption. An attacker could possibly use
this issue to cause denial of service. This issue affected Ubuntu 14.04 ESM,
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 22.10. ( CVE-2022-28044 )

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 22.10

  o lrzip - 0.651-2ubuntu0.22.10.1

Ubuntu 22.04

  o lrzip - 0.651-2ubuntu0.22.04.1

Ubuntu 20.04

  o lrzip - 0.631+git180528-1+deb10u1build0.20.04.1

Ubuntu 18.04

  o lrzip - 0.631-1+deb9u3build0.18.04.1

Ubuntu 16.04

  o lrzip - 0.621-1ubuntu0.1~esm2
    Available with Ubuntu Pro

Ubuntu 14.04

  o lrzip - 0.616-1ubuntu0.1~esm2
    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  o CVE-2021-27347
  o CVE-2021-27345
  o CVE-2020-25467
  o CVE-2022-28044
  o CVE-2022-26291
  o CVE-2018-5786

Related notices

  o USN-5171-1 : lrzip
  o USN-5171-2 : lrzip

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2023.0628 - [Ubuntu] LibTIFF: CVSS (Max): 8.8

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0628
                    USN-5841-1: LibTIFF vulnerabilities
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           LibTIFF
Publisher:         Ubuntu
Operating System:  Ubuntu
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-48281 CVE-2022-3970 CVE-2020-35524
                   CVE-2020-35523 CVE-2019-17546 CVE-2019-14973

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-5841-1

Comment: CVSS (Max):  8.8 CVE-2022-3970 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-5841-1: LibTIFF vulnerabilities

2 February 2023

Several security issues were fixed in LibTIFF.

Releases

  o Ubuntu 16.04 ESM
  o Ubuntu 14.04 ESM

Packages

  o tiff - Tag Image File Format (TIFF) library

Details

It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a
specially crafted image, a remote attacker could crash the application,
leading to a denial of service, or possibly execute arbitrary code with
user privileges. This issue was only fixed in Ubuntu 14.04 ESM.
( CVE-2019-14973 , CVE-2019-17546 , CVE-2020-35523 , CVE-2020-35524 ,
CVE-2022-3970 )

It was discovered that LibTIFF was incorrectly accessing a data structure
when processing data with the tiffcrop tool, which could lead to a heap
buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. ( CVE-2022-48281 )

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 16.04

  o libtiff5 - 4.0.6-1ubuntu0.8+esm9
    Available with Ubuntu Pro
  o libtiff-tools - 4.0.6-1ubuntu0.8+esm9
    Available with Ubuntu Pro

Ubuntu 14.04

  o libtiff5 - 4.0.3-7ubuntu0.11+esm6
    Available with Ubuntu Pro
  o libtiff-tools - 4.0.3-7ubuntu0.11+esm6
    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
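Confirming that a fleet actually carries these fixed versions, for this notice and for USN-5840-1 (lrzip) above, is a comparison of Debian version strings, and that ordering has traps: "0.1~esm2" sorts below "0.1" because "~" sorts before everything, and "1+deb10u1build0.20.04.1" sorts above "1+deb10u1" because the longer string wins once the common prefix is equal. The following is an added example, not part of either Ubuntu notice: it re-implements dpkg's version ordering in Python, carries the fixed versions transcribed from the two notices, and audits a constructed sample inventory. The host names and installed versions in SAMPLE_INVENTORY are made up.

```python
"""Check installed Ubuntu package versions against the fixed versions named in
USN-5841-1 (tiff) and USN-5840-1 (lrzip).

Added example, not part of either notice. compare_versions() re-implements dpkg's
ordering: epoch, then upstream version, then Debian revision; inside a component,
non-digit runs compare character by character ('~' before everything, even end of
string) and digit runs compare numerically. FIXED is transcribed from the two
notices; SAMPLE_INVENTORY is constructed data.
"""


def _order(c):
    """dpkg ordering of one non-digit character; '' marks end of string."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _ch(s, i):
    return s[i] if i < len(s) else ""


def _verrevcmp(a, b):
    """Compare one version component the way dpkg's verrevcmp() does."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit runs: only equal characters are skipped, so both indices stay in range.
        while (_ch(a, i) and not _ch(a, i).isdigit()) or (_ch(b, j) and not _ch(b, j).isdigit()):
            ac, bc = _order(_ch(a, i)), _order(_ch(b, j))
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit runs: drop leading zeros; the longer run is larger, else the first differing digit decides.
        while _ch(a, i) == "0":
            i += 1
        while _ch(b, j) == "0":
            j += 1
        while _ch(a, i).isdigit() and _ch(b, j).isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if _ch(a, i).isdigit():
            return 1
        if _ch(b, j).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """'[epoch:]upstream[-revision]' -> (int epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """-1, 0 or 1 as version a is older than, equal to, or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return 1 if r > 0 else -1
    return 0


# (binary package, Ubuntu release) -> first fixed version, from USN-5840-1 and USN-5841-1.
FIXED = {
    ("lrzip", "22.10"): "0.651-2ubuntu0.22.10.1",
    ("lrzip", "22.04"): "0.651-2ubuntu0.22.04.1",
    ("lrzip", "20.04"): "0.631+git180528-1+deb10u1build0.20.04.1",
    ("lrzip", "18.04"): "0.631-1+deb9u3build0.18.04.1",
    ("lrzip", "16.04"): "0.621-1ubuntu0.1~esm2",
    ("lrzip", "14.04"): "0.616-1ubuntu0.1~esm2",
    ("libtiff5", "16.04"): "4.0.6-1ubuntu0.8+esm9",
    ("libtiff5", "14.04"): "4.0.3-7ubuntu0.11+esm6",
}


def is_patched(package, release, installed):
    """True/False against FIXED; None when the notices name no fix for that pair."""
    fixed = FIXED.get((package, release))
    if fixed is None:
        return None
    return compare_versions(installed, fixed) >= 0


# Constructed sample: (host, release, package, version as printed by `dpkg-query -W`).
SAMPLE_INVENTORY = [
    ("web-01", "22.04", "lrzip", "0.651-2ubuntu0.22.04.1"),
    ("build-02", "20.04", "lrzip", "0.631+git180528-1+deb10u1"),
    ("legacy-03", "16.04", "lrzip", "0.621-1ubuntu0.1~esm1"),
    ("legacy-04", "14.04", "libtiff5", "4.0.3-7ubuntu0.11+esm6"),
    ("legacy-05", "16.04", "libtiff5", "4.0.6-1ubuntu0.8+esm8"),
    ("jump-06", "22.04", "libtiff5", "4.3.0-6ubuntu0.3"),
]


def audit(inventory):
    """host -> True (patched), False (below the fixed version) or None (not covered)."""
    return {host: is_patched(pkg, rel, ver) for host, rel, pkg, ver in inventory}


if __name__ == "__main__":
    label = {True: "patched", False: "VULNERABLE", None: "not covered by these notices"}
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {label[status]}")
```

On a real host the version column comes from `dpkg-query -W -f '${Package} ${Version}\n' lrzip libtiff5`. A None result means the two notices name no fix for that package and release, which is not the same as patched; and a result of True only says the installed version sorts at or above the fixed one, so a locally rebuilt package with a higher version string would also pass.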

References

  o CVE-2019-14973
  o CVE-2020-35524
  o CVE-2019-17546
  o CVE-2022-48281
  o CVE-2020-35523
  o CVE-2022-3970

Related notices

  o USN-4158-1 : libtiff-tools, libtiff5-dev, libtiffxx5, libtiff-dev,
    libtiff-opengl, tiff, libtiff-doc, libtiff5
  o USN-4755-1 : libtiff-tools, libtiff5-dev, libtiffxx5, libtiff-dev,
    libtiff-opengl, tiff, libtiff-doc, libtiff5
  o USN-5743-1 : libtiff-tools, libtiff5-dev, libtiffxx5, libtiff-opengl, tiff,
    libtiff-doc, libtiff5
  o USN-5743-2 : libtiff-tools, libtiff5-dev, libtiffxx5, libtiff-dev,
    libtiff-opengl, tiff, libtiff-doc, libtiff5

- --------------------------END INCLUDED TEXT--------------------

ESB-2023.0627 - [Appliance] Delta Electronics DX-2100-L1-CN: CVSS (Max): 9.0

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0627
         Advisory (icsa-23-033-05) Delta Electronics DX-2100-L1-CN
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Delta Electronics DX-2100-L1-CN
Publisher:         ICS-CERT
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-0432 CVE-2022-42140 

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-23-033-05

Comment: CVSS (Max):  9.0 CVE-2023-0432 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
         CVSS Source: ICS-CERT
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-23-033-05)

Delta Electronics DX-2100-L1-CN

Original release date: February 02, 2023

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
"as is" for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/.

1. EXECUTIVE SUMMARY

  o CVSS v3 9.0
  o ATTENTION: Public exploits available/exploitable remotely/low attack
    complexity
  o Vendor: Delta Electronics
  o Equipment: DX-2100-L1-CN
  o Vulnerabilities: OS Command Injection, Cross-site Scripting

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker with
low privileges to gain root access or allow an unauthenticated attacker to
perform remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of DX-2100-L1-CN, an industrial ethernet router, are
affected:

  o DX-2100-L1-CN: Version 1.5.0.10

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS
COMMAND INJECTION') CWE-78

The web configuration service of the affected device contains an authenticated
command injection vulnerability. It can be used to execute system commands on
the operating system (OS) from the device in the context of the user "root". If
the attacker has credentials for the web service, then the device could be
fully compromised.

CVE-2022-42140 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:L/UI:N/S:U/
C:H/I:H/A:H ).

3.2.2 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE
SCRIPTING') CWE-79

The affected device contains a stored cross-site scripting vulnerability in the
"net diagnosis" function of the web configuration service. The injected script
runs in the context of a victim's browser session, and an attacker could deliver
a wide variety of payloads, potentially leading to remote code execution.

CVE-2023-0432 has been assigned to this vulnerability. A CVSS v3 base score of
9.0 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:L/UI:R/S:C/
C:H/I:H/A:H ).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

CISA discovered a public Proof of Concept (PoC) as authored by T. Weber of
CyberDanube Security Research, who reported it to Delta Electronics.

4. MITIGATIONS

Delta Electronics patched this vulnerability in Version 1.5.0.12 and recommends
all users update device firmware to that version or later.

CISA recommends users take defensive measures to minimize the risk of
exploitation of these vulnerabilities. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls and
    isolate them from business networks.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing VPNs may have vulnerabilities and should be
    updated to the most current version available. Also recognize VPN is only
    as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber
defense best practices are available for reading and download, including
Improving Industrial Control Systems Cybersecurity with Defense-in-Depth
Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage at cisa.gov/ics in the technical information paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing suspected malicious activity should follow established
internal procedures and report findings to CISA for tracking and correlation
against other incidents.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

- --------------------------END INCLUDED TEXT--------------------

ESB-2023.0626 - [Appliance] Delta Electronics DVW-W02W2-E2: CVSS (Max): 9.9

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0626
         Advisory (icsa-23-033-04) Delta Electronics DVW-W02W2-E2
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Delta Electronics DVW-W02W2-E2
Publisher:         ICS-CERT
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-42139  

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-23-033-04

Comment: CVSS (Max):  9.9 CVE-2022-42139 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
         CVSS Source: ICS-CERT
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-23-033-04)

Delta Electronics DVW-W02W2-E2

Original release date: February 02, 2023

1. EXECUTIVE SUMMARY

  o CVSS v3 9.9
  o ATTENTION: Public exploit available/exploitable remotely/low attack
    complexity
  o Vendor: Delta Electronics
  o Equipment: DVW-W02W2-E2
  o Vulnerabilities: OS Command Injection

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a threat actor with
low privileges to gain root access to the device, which could then allow them
to send malicious commands to managed devices.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of DVW-W02W2-E2, an industrial ethernet router, are
affected:

  o DVW-W02W2-E2: Version 2.42

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS
COMMAND INJECTION') CWE-78

The web server of the affected device is vulnerable to authenticated command
injection via POST parameters. A threat actor could gain full access to the
underlying operating system (OS) of the device. If the device is acting as a
key device in an industrial network, or controls various critical equipment via
serial ports, the threat actor could cause extensive damage in the
corresponding network.

CVE-2022-42139 has been assigned to this vulnerability. A CVSS v3 base score of
9.9 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:L/UI:N/S:C/
C:H/I:H/A:H ).
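Both Delta advisories on this page describe the same fault class: a web-configuration handler that hands an authenticated POST parameter to the operating system, with the DX-2100-L1-CN advisory adding stored cross-site scripting in the "net diagnosis" page. The following is an added, hypothetical example of that pattern and its fix. It is not Delta Electronics code and does not reproduce either device's firmware; the handler name, the form field and the hostname rule are assumptions made for illustration. It shows the vulnerable string-building version beside an allow-list validator that passes the value as a single argv element without a shell, and HTML-encodes whatever it echoes back.

```python
"""Diagnostic-page handler: the CWE-78 pattern from the two Delta advisories
beside a hardened version, plus output encoding for the CWE-79 case.

Added, hypothetical example. Not Delta Electronics firmware; the handler name,
form field and hostname rule are assumptions. Nothing here executes ping.
"""
import html
import ipaddress
import re

# RFC 1123 host name: labels of 1-63 alphanumerics/hyphens, no leading or trailing hyphen.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def build_ping_command_unsafe(target):
    """Vulnerable pattern: a POST parameter is spliced into a shell command line.
    Handing this string to a shell (subprocess.run(..., shell=True), system())
    lets ';', '&&', '|' or '$(...)' inside `target` run attacker-chosen commands."""
    return "ping -c 3 " + target


def validate_target(target):
    """Allow-list: an IPv4/IPv6 literal or an RFC 1123 host name, nothing else.
    Shell metacharacters and whitespace cannot pass, and a leading '-' is
    rejected so the value cannot be parsed as a ping option either."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if HOSTNAME_RE.fullmatch(target):
        return target
    raise ValueError("diagnostic target is neither an IP address nor a host name")


def is_valid_target(target):
    try:
        validate_target(target)
        return True
    except ValueError:
        return False


def build_ping_argv(target):
    """Hardened pattern: the validated value is one argv element; no shell is involved."""
    return ["ping", "-c", "3", validate_target(target)]


def render_result(target, output):
    """Guard for the result page: encode both the echoed parameter and the tool
    output before placing them in HTML, which is what a stored XSS in a
    diagnosis page lacks."""
    return "<pre>target: {}\n{}</pre>".format(html.escape(target), html.escape(output))


def handle_net_diagnosis(form, runner):
    """POST handler returning (status, html). `runner` takes an argv list and returns
    its stdout; it is injected so the example runs without a network or a shell."""
    target = form.get("target", "")
    try:
        argv = build_ping_argv(target)
    except ValueError as exc:
        return 400, render_result(target, str(exc))
    return 200, render_result(target, runner(argv))


if __name__ == "__main__":
    print(build_ping_command_unsafe("10.0.0.1; cat /etc/shadow"))   # the injected command survives
    print(build_ping_argv("gw.example.net"))
    print(handle_net_diagnosis({"target": "<script>alert(1)</script>"},
                               lambda argv: "")[1])
```

A diagnostic feature that takes a host only ever needs an IP literal or a host name, so an allow-list is tighter and easier to review than trying to strip shell metacharacters; rejecting a leading "-" also closes argument injection into the tool itself. The argv list only helps if the real `runner` calls subprocess.run(argv) with the default shell=False; passing the joined string to a shell reintroduces the bug.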

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

CISA discovered a public Proof of Concept (PoC) as authored by T. Weber of
CyberDanube Security Research, who reported it to Delta Electronics.

4. MITIGATIONS

Delta Electronics patched this vulnerability in Version 2.5.2 and recommends
all users update affected device firmware to that version or later.

- --------------------------END INCLUDED TEXT--------------------

ESB-2023.0625 - [Appliance] Delta Electronics DIAScreen: CVSS (Max): 7.8

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0625
           Advisory (icsa-23-033-01) Delta Electronics DIAScreen
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Delta Electronics DIAScreen
Publisher:         ICS-CERT
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-0251 CVE-2023-0250 CVE-2023-0249

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-23-033-01

Comment: CVSS (Max):  7.8 CVE-2023-0251 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: ICS-CERT
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-23-033-01)

Delta Electronics DIAScreen

Original release date: February 02, 2023

1. EXECUTIVE SUMMARY

  o CVSS v3 7.8
  o ATTENTION: Low attack complexity
  o Vendor: Delta Electronics
  o Equipment: DIAScreen
  o Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of
    Operations within the Bounds of a Memory Buffer, Out-of-bounds Write

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow arbitrary code
execution. Note that all three CVSS vectors below carry AV:L and UI:R, and
section 4 states the vulnerabilities are not exploitable remotely: an attacker
needs local access and user interaction.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of DIAScreen, a software configuration tool for Delta
devices, are affected:

  o DIAScreen: versions 1.2.1.23 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a
stack-based buffer overflow, which could allow an attacker to execute arbitrary
code.

CVE-2023-0250 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( AV:L/AC:L/PR:N/UI:R/S:U/
C:H/I:H/A:H ).

3.2.2 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER
CWE-119

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a
buffer overflow through improper restriction of operations within memory,
which could allow an attacker to execute arbitrary code.

CVE-2023-0251 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( AV:L/AC:L/PR:N/UI:R/S:U/
C:H/I:H/A:H ).

3.2.3 OUT-OF-BOUNDS WRITE CWE-787

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to an
out-of-bounds write, which could allow an attacker to execute arbitrary code.

CVE-2023-0249 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( AV:L/AC:L/PR:N/UI:R/S:U/
C:H/I:H/A:H ).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Energy
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Natnael Samson (@NattiSamson), working with Trend Micro's Zero Day Initiative,
reported these vulnerabilities to CISA.

4. MITIGATIONS

Delta Electronics released version 1.3.0 of DIAScreen (login required) and
recommends users install this update on all affected systems.

CISA recommends users take defensive measures to minimize the risk of
exploitation of these vulnerabilities. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure they are not accessible from the Internet .
  o Locate control system networks and remote devices behind firewalls and
    isolate them from business networks.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing VPNs may have vulnerabilities and should be
    updated to the most current version available. Also recognize VPN is only
    as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber
defense best practices are available for reading and download, including
Improving Industrial Control Systems Cybersecurity with Defense-in-Depth
Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage at cisa.gov/ics in the technical information paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing suspected malicious activity should follow established
internal procedures and report findings to CISA for tracking and correlation
against other incidents.

No known public exploits specifically target these vulnerabilities. These
vulnerabilities are not exploitable remotely.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2023.0624 - [Appliance] Baicells Nova: CVSS (Max): 9.8

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0624
                  Advisory (icsa-23-033-03) Baicells Nova
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Baicells Nova
Publisher:         ICS-CERT
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-24508  

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-23-033-03

Comment: CVSS (Max):  9.8 CVE-2023-24508 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: ICS-CERT
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-23-033-03)

Baicells Nova

Original release date: February 02, 2023

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
"as is" for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/ .



1. EXECUTIVE SUMMARY

  o CVSS v3 9.8
  o ATTENTION: Exploitable remotely/low attack complexity
  o Vendor: Baicells Technologies
  o Equipment: Nova
  o Vulnerability: Command Injection

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to
execute arbitrary commands.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Baicells reports this vulnerability affects the following Nova LTE TDD eNodeB
devices with firmware through RTS/RTD 3.6.6:

  o Nova 227
  o Nova 233
  o Nova 243
  o Nova 246

3.2 VULNERABILITY OVERVIEW

3.2.1 COMMAND INJECTION CWE-77

Baicells Nova 227, Nova 233, Nova 243 LTE TDD eNodeB devices and Nova 246 with
firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation
via HTTP command injection. The injected commands run before authentication
(pre-login) and are executed with root permissions.

CVE-2023-24508 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:H/I:H/A:H ).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Communications
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Rustam Amin reported this vulnerability to CISA through VINCE.

4. MITIGATIONS

Baicells resolved this vulnerability in firmware version 3.7.11.3 and later.
Baicells recommends all users currently running an earlier version of RTS/RTD
upgrade their devices to the 3.7.11.6 firmware. Firmware can be downloaded from
the Baicells community page or upgraded via OMC.

Baicells published a security vulnerability notice for this issue.

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls and
    isolate them from business networks.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing VPNs may have vulnerabilities and should be
    updated to the most current version available. Also recognize VPN is only
    as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber
defense best practices are available for reading and download, including
Improving Industrial Control Systems Cybersecurity with Defense-in-Depth
Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage at cisa.gov/ics in the technical information paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing suspected malicious activity should follow established
internal procedures and report findings to CISA for tracking and correlation
against other incidents.

No known public exploits specifically target this vulnerability. This
vulnerability is exploitable remotely. This vulnerability has a low attack
complexity.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

- --------------------------END INCLUDED TEXT--------------------


ESB-2023.0623 - [Ubuntu] Apache HTTP Server: CVSS (Max): 5.3

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0623
               USN-5839-2: Apache HTTP Server vulnerability
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apache HTTP Server
Publisher:         Ubuntu
Operating System:  Ubuntu
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-37436  

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-5839-2

Comment: CVSS (Max):  5.3 CVE-2022-37436 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-5839-2: Apache HTTP Server vulnerability

2 February 2023

Several security issues were fixed in Apache HTTP Server.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and
Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

  o Ubuntu 16.04 ESM

Packages

  o apache2 - Apache HTTP server

Details

USN-5839-1 fixed a vulnerability in Apache. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server
mod_proxy module incorrectly truncated certain response headers. This may
result in later headers not being interpreted by the client.
( CVE-2022-37436 )

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 16.04

  o apache2 - 2.4.18-2ubuntu3.17+esm9
    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  o CVE-2022-37436

Related notices

  o USN-5839-1 : libapache2-mod-md, apache2, apache2-suexec-custom,
    apache2-utils, apache2-data, libapache2-mod-proxy-uwsgi, apache2-bin,
    apache2-ssl-dev, apache2-suexec-pristine, apache2-doc, apache2-dev

- --------------------------END INCLUDED TEXT--------------------


ESB-2023.0622 - [Appliance] Mitsubishi Electric GOT2000 Series and GT SoftGOT2000: CVSS (Max): 7.4

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0622
       Advisory (icsa-23-033-02) Mitsubishi Electric GOT2000 Series
                            and GT SoftGOT2000
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Mitsubishi Electric GOT2000 Series
                   GT SoftGOT2000
Publisher:         ICS-CERT
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-40269 CVE-2022-40268 

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-23-033-02

Comment: CVSS (Max):  7.4 CVE-2022-40269 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
         CVSS Source: ICS-CERT
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-23-033-02)

Mitsubishi Electric GOT2000 Series and GT SoftGOT2000

Original release date: February 02, 2023


1. EXECUTIVE SUMMARY

  o CVSS v3 6.8
  o ATTENTION: Exploitable remotely
  o Vendor: Mitsubishi Electric Corporation
  o Equipment: GOT Mobile Function on GOT2000 Series and GT SoftGOT2000
  o Vulnerabilities: Authentication Bypass by Spoofing, Improper Restriction of
    Rendered UI Layers or Frames

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow attackers to
perform unintended operations through clickjacking (an attack that tricks users
into clicking an invisible or disguised webpage element) or allow attackers to
disclose sensitive information from their browsers or impersonate legitimate
users by abusing inappropriate HTML attributes.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Mitsubishi Electric reports these vulnerabilities affect the GOT Mobile
Function on the following products:

  o GOT2000 Series:
       GT27 model: GOT Mobile versions 01.14.000-01.47.000
       GT25 model: GOT Mobile versions 01.14.000-01.47.000
  o GT SoftGOT2000: software versions 1.265B-1.285X

3.2 VULNERABILITY OVERVIEW

3.2.1 AUTHENTICATION BYPASS BY SPOOFING CWE-290

This vulnerability could allow an attacker to impersonate legitimate users by
abusing inappropriate HTML attributes or cause users' browsers to disclose
sensitive information.

CVE-2022-40269 has been assigned to this vulnerability. A CVSS v3 base score of
6.8 has been calculated; the CVSS vector string is ( AV:N/AC:H/PR:N/UI:R/S:U/
C:H/I:H/A:N ).

3.2.2 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021

This vulnerability could allow an attacker to lead legitimate users to perform
unintended operations through clickjacking.

CVE-2022-40268 has been assigned to this vulnerability. A CVSS v3 base score of
6.1 has been calculated; the CVSS vector string is ( AV:N/AC:H/PR:N/UI:R/S:C/
C:N/I:H/A:N ).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

Mitsubishi Electric reported these vulnerabilities to CISA.

4. MITIGATIONS

Mitsubishi Electric recommends users update to the latest software versions.
Mitsubishi Electric's security advisory contains step-by-step update
instructions:

  o GOT2000 Series
       GT27 model: Update to GOT Mobile version 01.48.000 or later.
       GT25 model: Update to GOT Mobile version 01.48.000 or later.
  o GT SoftGOT2000: Update to software version 1.290C or later.

Mitsubishi Electric recommends users take the following mitigations to minimize
the exploitation risk of these vulnerabilities:

  o When internet access is required, use a firewall, virtual private network
    (VPN), etc. to prevent unauthorized access.
  o Use devices within a local area network (LAN) and block access from
    untrusted networks and hosts.
  o Install antivirus software on hosts running affected software/firmware.
  o Use the IP filter function to control access via IP address.
       GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG). "5.4.3
        Setting the IP filter"
  o Disable GOT Mobile Function.

Users should refer to Mitsubishi Electric's security advisory for further
information.

CISA recommends users take defensive measures to minimize the risk of
exploitation of these vulnerabilities. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls and
    isolate them from business networks.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing VPNs may have vulnerabilities and should be
    updated to the most current version available. Also recognize VPN is only
    as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber
defense best practices are available for reading and download, including
Improving Industrial Control Systems Cybersecurity with Defense-in-Depth
Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage at cisa.gov/ics in the technical information paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing suspected malicious activity should follow established
internal procedures and report findings to CISA for tracking and correlation
against other incidents.

CISA also recommends users take the following measures to protect themselves
from social engineering attacks:

  o Do not click web links or open attachments in unsolicited email messages.
  o Refer to Recognizing and Avoiding Email Scams for more information on
    avoiding email scams.
  o Refer to Avoiding Social Engineering and Phishing Attacks for more
    information on social engineering attacks.

No known public exploits specifically target these vulnerabilities. These
vulnerabilities are exploitable remotely. These vulnerabilities have a high
attack complexity.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

- --------------------------END INCLUDED TEXT--------------------


ESB-2023.0169.3 - UPDATE [Cisco] Cisco Network Services Orchestrator (NSO): CVSS (Max): 5.5

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2023.0169.3
     Cisco Network Services Orchestrator Path Traversal Vulnerability
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Network Services Orchestrator (NSO)
Publisher:         Cisco Systems
Operating System:  Cisco
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-20040  

Original Bulletin: 
   https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg

Comment: CVSS (Max):  5.5 CVE-2023-20040 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)
         CVSS Source: Cisco Systems
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Revision History:  February  3 2023: Formatting issue
                   February  3 2023: Vendor confirmed products that are not vulnerable
                   January  12 2023: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Network Services Orchestrator Path Traversal Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-nso-path-trvsl-zjBeMkZg
First Published: 2023 January 11 16:00 GMT
Last Updated:    2023 February 2 20:22 GMT
Version 1.1:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCwb11065
CVE Names:       CVE-2023-20040

Summary

  o A vulnerability in the RESTCONF service of Cisco Network Services
    Orchestrator (NSO) could allow an authenticated, remote attacker to cause a
    denial of service (DoS) on an affected system that is running as the root
    user. To exploit this vulnerability, the attacker must be a member of the
    admin group.

    This vulnerability exists because user-supplied input is not properly
    validated when RESTCONF is used to upload packages to an affected device.
    An attacker could exploit this vulnerability by uploading a specially
    crafted package file. A successful exploit could allow the attacker to
    write crafted files to arbitrary locations on the filesystem or delete
    arbitrary files from the filesystem of an affected device, resulting in a
    DoS condition.

    Note: By default, during install, Cisco NSO will be set up to run as the
    root user unless the --run-as-user option is used.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg
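
    The failure mode this summary describes, a package upload whose member
    names are not validated and so can write files outside the intended
    directory, is illustrated by the following added example. It is not
    Cisco's code; the tar package format, the member names and the
    /var/opt/ncs/packages destination are assumptions made for illustration.

```python
"""Added example (not Cisco's code): a defensive check for the failure mode
the NSO advisory describes, an uploaded package archive whose member names
escape the directory the package is meant to land in. The tar format and
the /var/opt/ncs/packages destination are assumptions made for illustration.
"""
import io
import os
import posixpath
import tarfile
from typing import Dict, List


class UnsafePackageError(ValueError):
    """Raised when an archive member would be written outside the package root."""


def safe_member_path(root: str, name: str) -> str:
    """Return the absolute destination of archive member ``name`` under ``root``.

    Rejects absolute names, empty names and any ``..`` sequence that would
    resolve outside ``root`` once the path is normalised and made absolute.
    """
    root_abs = os.path.realpath(root)
    norm = posixpath.normpath(name)          # archive names are POSIX-style
    if norm in ("", ".") or norm.startswith("/"):
        raise UnsafePackageError("absolute or empty member name: %r" % name)
    dest = os.path.realpath(os.path.join(root_abs, *norm.split("/")))
    # commonpath() must come back as the root itself; anything shorter means
    # the member climbed out with ".." or through a symlinked component.
    if os.path.commonpath([root_abs, dest]) != root_abs:
        raise UnsafePackageError("member escapes package root: %r" % name)
    return dest


def check_package(data: bytes, root: str) -> List[str]:
    """Validate every member of a tar package and return the safe destinations.

    Link members are refused outright: a symlink or hard link can point
    anywhere on the filesystem regardless of how harmless its name looks.
    """
    dests = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            if member.issym() or member.islnk():
                raise UnsafePackageError("link member refused: %r" % member.name)
            if not (member.isfile() or member.isdir()):
                raise UnsafePackageError("unsupported member type: %r" % member.name)
            dests.append(safe_member_path(root, member.name))
    return dests


def is_safe_package(data: bytes, root: str = "/var/opt/ncs/packages") -> bool:
    """True if every member of ``data`` stays inside ``root`` (assumed path)."""
    try:
        check_package(data, root)
    except (UnsafePackageError, tarfile.TarError):
        return False
    return True


def build_tar(entries: Dict[str, bytes]) -> bytes:
    """Build a tar archive in memory from {member name: content}.

    Used only to construct the sample packages below; a real upload would
    arrive as the body of the package-upload request.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample packages (not real NSO packages; names are made up).
GOOD_PACKAGE = build_tar({
    "demo-pkg/meta.xml": b"<package/>",
    "demo-pkg/payload.bin": b"\x00",
})
# One member name climbs out of the package root with "../" components.
BAD_PACKAGE = build_tar({
    "demo-pkg/meta.xml": b"<package/>",
    "../../../etc/escaped.txt": b"would land outside the package directory",
})

if __name__ == "__main__":
    print("good package safe:", is_safe_package(GOOD_PACKAGE))   # True
    print("bad package safe:", is_safe_package(BAD_PACKAGE))     # False
```

    Python 3.12 and later ship an equivalent check as the tarfile "data"
    extraction filter; the explicit version above makes the rule visible and
    lets it run before anything touches the filesystem.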

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco NSO.

    For information about which Cisco software releases were vulnerable at the
    time of publication, see the Fixed Software section of this advisory. See
    the Details section in the bug ID(s) at the top of this advisory for the
    most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco NSO
    installations that are not running RESTCONF.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, the release information in the following table
    was accurate. See the Details section in the bug ID(s) at the top of this
    advisory for the most complete and current information.

    The left column lists Cisco software releases, and the right column
    indicates whether a release was affected by the vulnerability that is
    described in this advisory and which release included the fix for this
    vulnerability.

    Cisco NSO Release             First Fixed Release
    3.3 through 5.3               Migrate to a fixed release.
    5.4                           5.4.7
    5.5                           5.5.6
    5.6                           5.6.7
    5.7                           5.7.4
    5.8                           5.8.1
    6.0                           Not vulnerable.

    The Cisco Product Security Incident Response Team (PSIRT) validates only
    the affected and fixed release information that is documented in this
    advisory.

Exploitation and Public Announcements

  o The Cisco PSIRT is not aware of any public announcements or malicious use
    of the vulnerability that is described in this advisory.

Source

  o This vulnerability was found during internal security testing by Arthur
    Vidineyev of the Cisco Advanced Security Initiatives Group (ASIG).

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg

Revision History

  o +---------+---------------+------------------------+--------+-------------+
    | Version |  Description  |        Section         | Status |    Date     |
    +---------+---------------+------------------------+--------+-------------+
    |         | Changed       | Summary and Products   |        |             |
    | 1.1     | NETCONF to    | Confirmed Not          | Final  | 2023-FEB-02 |
    |         | RESTCONF.     | Vulnerable             |        |             |
    +---------+---------------+------------------------+--------+-------------+
    |         | Initial       |                        |        |             |
    | 1.0     | public        | -                      | Final  | 2023-JAN-11 |
    |         | release.      |                        |        |             |
    +---------+---------------+------------------------+--------+-------------+

Legal Disclaimer

  o THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
    OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR
    FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT
    OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES
    THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

    A standalone copy or paraphrase of the text of this document that omits the
    distribution URL is an uncontrolled copy and may lack important information
    or contain factual errors. The information in this document is intended for
    end users of Cisco products.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2022.3930.2 - UPDATE [Appliance] Mitsubishi Electric Multiple Factory Automation Products: CVSS (Max): 9.8

3 February 2023 at 03:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2022.3930.2
          Advisory (icsa-22-221-01) Mitsubishi Electric Multiple
                        Factory Automation Products
                              3 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Mitsubishi Electric Multiple Factory Automation Products
Publisher:         ICS-CERT
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-1292 CVE-2022-0778 

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-22-221-01

Comment: CVSS (Max):  9.8 CVE-2022-1292 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: ICS-CERT
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Revision History:  February  3 2023: Vendor updated the advisory
                   August   10 2022: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-22-221-01)

Mitsubishi Electric Multiple Factory Automation Products (Update D)

Original release date: February 02, 2023

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
"as is" for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/.

1. EXECUTIVE SUMMARY

  o CVSS v3 9.8
  o ATTENTION: Exploitable remotely/low attack complexity
  o Vendor: Mitsubishi Electric
  o Equipment: GOT2000 compatible HMI software, CC-Link IE TSN Industrial
    Managed Switch, MELSEC iQ-R Series OPC UA Server Module
  o Vulnerabilities: Infinite Loop, OS Command Injection

2. UPDATE INFORMATION

This updated advisory is a follow-up to the advisory update titled
ICSA-22-221-01 Mitsubishi Electric Multiple Factory Automation Products (Update
C) that was published November 01, 2022, to the ICS webpage on cisa.gov/ics.

3. RISK EVALUATION

Successful exploitation of these vulnerabilities could create a
denial-of-service condition or enable arbitrary code execution.

4. TECHNICAL DETAILS

4.1 AFFECTED PRODUCTS

The following Mitsubishi Electric products and versions are affected:

  o GOT2000 compatible HMI software (GT SoftGOT2000): Version 1.275M
  o CC-Link IE TSN Industrial Managed Switch (NZ2MHG-TSNT8F2, NZ2MHG-TSNT4):
    Version 03 and prior [affected by CVE-2022-0778 only]
  o MELSEC iQ-R Series OPC UA Server Module (RD81OPC96): Version 08 and prior
    [affected by CVE-2022-0778 only]

4.2 VULNERABILITY OVERVIEW

4.2.1 LOOP WITH UNREACHABLE EXIT CONDITION ('INFINITE LOOP') CWE-835

A vulnerability in OpenSSL creates the potential for an infinite loop in the
affected product, which could lead to a denial-of-service condition.

CVE-2022-0778 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been assigned; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

4.2.2 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS
COMMAND INJECTION') CWE-78

A vulnerability in OpenSSL creates the potential for OS command injection in
the affected product, which could lead to arbitrary code execution.

CVE-2022-1292 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been assigned; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

4.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Japan

4.4 RESEARCHER

Mitsubishi Electric reported these vulnerabilities to CISA.

5. MITIGATIONS

Mitsubishi Electric recommends the following mitigations for the affected
products:

  o GOT2000 compatible HMI software: Mitsubishi Electric has released a patch
    for these issues and recommends users update affected products to Version
    1.280S or later. Users should contact Mitsubishi Electric to obtain the
    patch.

  o CC-Link IE TSN Industrial Managed Switch: Mitsubishi Electric has released
    fixed firmware for these issues and recommends users update affected
    products to Version 04 or later. Users should contact Mitsubishi Electric
    to obtain the fixed firmware version.

    To update affected CC-Link IE TSN Industrial Managed Switch products, log
    into the product with the web interface and go to [System] ->
    [System Management] -> [Firmware Upgrade] from the Function menu after
    obtaining the updated firmware file.

  o CC-Link IE TSN Industrial Managed Switch: Mitsubishi Electric recommends
    that users log into NZ2MHG-TSNT8F2 or NZ2MHG-TSNT4 with the web interface
    and change the username and password from their default setting in
    [Account Management] on the function menu. Users are also advised to set
    proper access permissions for different users.

- --------- Begin Update D part 1 of 1 ---------

  o MELSEC iQ-R Series OPC UA Server Module: Mitsubishi Electric has released
    fixed firmware for these issues and recommends users update affected
    products to Version 09 or later. Users should contact Mitsubishi Electric
    to obtain the fixed firmware version. Mitsubishi Electric recommends users
    ensure the OPC UA Client is updated to the latest version and use
    legitimate certificates on the OPC UA Client side.

    To update the firmware of the affected device, use an SD card and refer to
    the "MELSEC iQ-R Module Configuration Manual (SH-081262ENG)".

- --------- End Update D part 1 of 1 ---------

For instructions on how to check the product version and more information
regarding contacting Mitsubishi Electric, refer to Mitsubishi Electric's
security advisory.

Mitsubishi Electric recommends users take the following precautions to minimize
the risk of these vulnerabilities being exploited:

  o When internet access is required, use a virtual private network (VPN) to
    prevent unauthorized access.
  o Use the products within a LAN and block access from untrusted networks and
    hosts.
  o For GOT2000 compatible HMI software: Update the OPC UA server to the latest
    version available.
  o For GOT2000 compatible HMI software: Install antivirus software on
    computers running the affected software.
  o Restrict physical access to computers running the affected software.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber
defense best practices are available for reading and download, including
Improving Industrial Control Systems Cybersecurity with Defense-in-Depth
Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage at cisa.gov/ics in the technical information paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing suspected malicious activity should follow established
internal procedures and report findings to CISA for tracking and correlation
against other incidents.

No known public exploits specifically target these vulnerabilities.

For any questions related to this report, please contact CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

- --------------------------END INCLUDED TEXT--------------------
