ICSA-23-115-01
Vulnerability from csaf_cisa - Published: 2023-04-25 06:00 - Updated: 2023-11-21 07:00
Summary
Keysight N8844A Data Analytics Web Service (Update A)
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of this vulnerability could lead to remote code execution.
Critical infrastructure sectors: Communications, Government
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
9.8 (Critical)
Affected products
Known affected
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Keysight / N8844A Data Analytics Web Service | | <=2.1.7351 | Mitigation fix |
| Keysight / 5G Test SW | | vers:all/* | Mitigation fix |
| Keysight / 89600 Vector Signal Analysis SW | | <June/20/2023 | Mitigation fix |
| Keysight / Arbitrary Waveform Generators | | vers:all/* | Mitigation fix |
| Keysight / Automotive Compliance Apps | | <April/17/2023 | Mitigation fix |
| Keysight / AXIe Embedded Controllers | | <June/2/2023 | Mitigation fix |
| Keysight / BenchVue | | vers:all/* | Mitigation fix |
| Keysight / BERTs and Compliance Test SW | | vers:all/* | Mitigation fix |
| Keysight / Boundary Scan Analyzers | | <April/20/2023 | Mitigation fix |
| Keysight / Component Analysis SW | | <April/22/2023 | Mitigation fix |
| Keysight / Device Current Waveform Analyzers | | <April/20/2023 | Mitigation fix |
| Keysight / ENA Network Analyzers | | <April/5/2023 | Mitigation fix |
| Keysight / EXM Wireless Test | | <April/20/2023 | Mitigation fix |
| Keysight / In-Circuit Parallel Testers | | <July/21/2023 | Mitigation fix |
| Keysight / Infiniium Oscilloscopes | | vers:all/* | Mitigation fix |
| Keysight / InfiniiVision USB and PXIe Oscilloscope SW | | <April/17/2023 | Mitigation fix |
| Keysight / Logic Analyzers | | <April/19/2023 | Mitigation fix |
| Keysight / Massively Parallel Board Test Systems | | vers:all/* | Mitigation fix |
| Keysight / Multi-Band Vector Transceiver Solutions | | vers:all/* | Mitigation fix |
| Keysight / Multiport ECal SW | | <April/22/2023 | Mitigation fix |
| Keysight / MXE EMI Test Receivers | | vers:all/* | Mitigation fix |
| Keysight / Noise Figure Analyzers | | <March/24/2023 | Mitigation fix |
| Keysight / Open RAN Studio | | <April/21/2023 | Mitigation fix |
| Keysight / Optical Modulation Analyzers | | <April/13/2023 | Mitigation fix |
| Keysight / Oscilloscope Compliance Test SW | | vers:all/* | Mitigation fix |
| Keysight / PathWave Lab Operations for Connectivity | | <April/7/2023 | Mitigation fix |
| Keysight / PathWave Measurement SW | | <March/24/2023 | Mitigation fix |
| Keysight / PathWave Test Automation Platform (TAP) | | vers:all/* | Mitigation fix |
| Keysight / Phase Noise Test System | | <March/15/2023 | Mitigation fix |
| Keysight / PNA Network Analyzers | | <May/4/2023 | Mitigation fix |
| Keysight / Precision Source/Measure Units | | <April/20/2023 | Mitigation fix |
| Keysight / Propsim Channel Emulators | | <May/5/2023 | Mitigation fix |
| Keysight / PXIe Embedded Controllers | | <May/12/2023 | Mitigation fix |
| Keysight / PXIe Network Analyzers | | vers:all/* | Mitigation fix |
| Keysight / PXIe Signal Analyzers and Generators | | vers:all/* | Mitigation fix |
| Keysight / Radar Target Simulators | | vers:all/* | Mitigation fix |
| Keysight / Sampling Oscilloscope Compliance Test SW | | vers:all/* | Mitigation fix |
| Keysight / Signal Generation SW | | vers:all/* | Mitigation fix |
| Keysight / Signal Source Analyzers | | <July/7/2023 | Mitigation fix |
| Keysight / USB Network Analyzers | | <April/22/2023 | Mitigation fix |
| Keysight / UXM 5G Wireless Test | | <March/24/2023 | Mitigation fix |
| Keysight / VXG Signal Generators | | <April/27/2023 | Mitigation fix |
| Keysight / VXT PXIe Transceivers | | vers:all/* | Mitigation fix |
| Keysight / WaveJudge Wireless Analyzer Apps | | <April/5/2023 | Mitigation fix |
| Keysight / X-Series Signal Analyzers | | vers:all/* | Mitigation fix |
References
12 references
Acknowledgments
Trend Micro Zero Day Initiative
An anonymous researcher
{
"document": {
"acknowledgments": [
{
"names": [
"An anonymous researcher"
],
"organization": "Trend Micro Zero Day Initiative",
"summary": "reporting this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could lead to remote code execution. ",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Communications, Government",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-23-115-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-115-01.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-23-115-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/Recommended-Practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://cisa.gov/ics"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Keysight N8844A Data Analytics Web Service (Update A)",
"tracking": {
"current_release_date": "2023-11-21T07:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-23-115-01",
"initial_release_date": "2023-04-25T06:00:00.000000Z",
"revision_history": [
{
"date": "2023-04-25T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2023-11-21T07:00:00.000000Z",
"legacy_version": "Update A",
"number": "2",
"summary": "Update A - Added affected products and mitigations."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.1.7351",
"product": {
"name": "N8844A Data Analytics Web Service: \u003c=2.1.7351",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "N8844A Data Analytics Web Service"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "5G Test SW: vers:all/*",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "5G Test SW"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cJune/20/2023",
"product": {
"name": "89600 Vector Signal Analysis SW: \u003cJune/20/2023",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "89600 Vector Signal Analysis SW"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Arbitrary Waveform Generators: vers:all/*",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Arbitrary Waveform Generators"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/17/2023",
"product": {
"name": "Automotive Compliance Apps: \u003cApril/17/2023",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Automotive Compliance Apps"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cJune/2/2023",
"product": {
"name": "AXIe Embedded Controllers: \u003cJune/2/2023",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "AXIe Embedded Controllers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "BenchVue: vers:all/*",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "BenchVue"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "BERTs and Compliance Test SW: vers:all/*",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "BERTs and Compliance Test SW"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/20/2023",
"product": {
"name": "Boundary Scan Analyzers: \u003cApril/20/2023",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Boundary Scan Analyzers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/22/2023",
"product": {
"name": "Component Analysis SW: \u003cApril/22/2023",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "Component Analysis SW"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/20/2023",
"product": {
"name": "Device Current Waveform Analyzers: \u003cApril/20/2023",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "Device Current Waveform Analyzers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/5/2023",
"product": {
"name": "ENA Network Analyzers: \u003cApril/5/2023",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "ENA Network Analyzers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/20/2023",
"product": {
"name": "EXM Wireless Test: \u003cApril/20/2023",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "EXM Wireless Test"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cJuly/21/2023",
"product": {
"name": "In-Circuit Parallel Testers: \u003cJuly/21/2023",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "In-Circuit Parallel Testers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Infiniium Oscilloscopes: vers:all/*",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "Infiniium Oscilloscopes"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/17/2023",
"product": {
"name": "InfiniiVision USB and PXIe Oscilloscope SW: \u003cApril/17/2023",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "InfiniiVision USB and PXIe Oscilloscope SW"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/19/2023",
"product": {
"name": "Logic Analyzers: \u003cApril/19/2023",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "Logic Analyzers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Massively Parallel Board Test Systems: vers:all/*",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "Massively Parallel Board Test Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Multi-Band Vector Transceiver Solutions: vers:all/*",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "Multi-Band Vector Transceiver Solutions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/22/2023",
"product": {
"name": "Multiport ECal SW: \u003cApril/22/2023",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "Multiport ECal SW"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "MXE EMI Test Receivers: vers:all/*",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "MXE EMI Test Receivers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cMarch/24/2023",
"product": {
"name": "Noise Figure Analyzers: \u003cMarch/24/2023",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "Noise Figure Analyzers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/21/2023",
"product": {
"name": "Open RAN Studio: \u003cApril/21/2023",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "Open RAN Studio"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/13/2023",
"product": {
"name": "Optical Modulation Analyzers: \u003cApril/13/2023",
"product_id": "CSAFPID-0024"
}
}
],
"category": "product_name",
"name": "Optical Modulation Analyzers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Oscilloscope Compliance Test SW: vers:all/*",
"product_id": "CSAFPID-0025"
}
}
],
"category": "product_name",
"name": "Oscilloscope Compliance Test SW"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/7/2023",
"product": {
"name": "PathWave Lab Operations for Connectivity: \u003cApril/7/2023",
"product_id": "CSAFPID-0026"
}
}
],
"category": "product_name",
"name": "PathWave Lab Operations for Connectivity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cMarch/24/2023",
"product": {
"name": "PathWave Measurement SW: \u003cMarch/24/2023",
"product_id": "CSAFPID-0027"
}
}
],
"category": "product_name",
"name": "PathWave Measurement SW"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "PathWave Test Automation Platform (TAP): vers:all/*",
"product_id": "CSAFPID-0028"
}
}
],
"category": "product_name",
"name": "PathWave Test Automation Platform (TAP)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cMarch/15/2023",
"product": {
"name": "Phase Noise Test System: \u003cMarch/15/2023",
"product_id": "CSAFPID-0029"
}
}
],
"category": "product_name",
"name": "Phase Noise Test System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cMay/4/2023",
"product": {
"name": "PNA Network Analyzers: \u003cMay/4/2023",
"product_id": "CSAFPID-0030"
}
}
],
"category": "product_name",
"name": "PNA Network Analyzers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/20/2023",
"product": {
"name": "Precision Source/Measure Units: \u003cApril/20/2023",
"product_id": "CSAFPID-0031"
}
}
],
"category": "product_name",
"name": "Precision Source/Measure Units"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cMay/5/2023",
"product": {
"name": "Propsim Channel Emulators: \u003cMay/5/2023",
"product_id": "CSAFPID-0032"
}
}
],
"category": "product_name",
"name": "Propsim Channel Emulators"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cMay/12/2023",
"product": {
"name": "PXIe Embedded Controllers: \u003cMay/12/2023",
"product_id": "CSAFPID-0033"
}
}
],
"category": "product_name",
"name": "PXIe Embedded Controllers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "PXIe Network Analyzers: vers:all/*",
"product_id": "CSAFPID-0034"
}
}
],
"category": "product_name",
"name": "PXIe Network Analyzers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "PXIe Signal Analyzers and Generators: vers:all/*",
"product_id": "CSAFPID-0035"
}
}
],
"category": "product_name",
"name": "PXIe Signal Analyzers and Generators"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Radar Target Simulators: vers:all/*",
"product_id": "CSAFPID-0036"
}
}
],
"category": "product_name",
"name": "Radar Target Simulators"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Sampling Oscilloscope Compliance Test SW: vers:all/*",
"product_id": "CSAFPID-0037"
}
}
],
"category": "product_name",
"name": "Sampling Oscilloscope Compliance Test SW"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Signal Generation SW: vers:all/*",
"product_id": "CSAFPID-0038"
}
}
],
"category": "product_name",
"name": "Signal Generation SW"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cJuly/7/2023",
"product": {
"name": "Signal Source Analyzers: \u003cJuly/7/2023",
"product_id": "CSAFPID-0039"
}
}
],
"category": "product_name",
"name": "Signal Source Analyzers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/22/2023",
"product": {
"name": "USB Network Analyzers: \u003cApril/22/2023",
"product_id": "CSAFPID-0040"
}
}
],
"category": "product_name",
"name": "USB Network Analyzers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cMarch/24/2023",
"product": {
"name": "UXM 5G Wireless Test: \u003cMarch/24/2023",
"product_id": "CSAFPID-0041"
}
}
],
"category": "product_name",
"name": "UXM 5G Wireless Test"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/27/2023",
"product": {
"name": "VXG Signal Generators: \u003cApril/27/2023",
"product_id": "CSAFPID-0042"
}
}
],
"category": "product_name",
"name": "VXG Signal Generators"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "VXT PXIe Transceivers: vers:all/*",
"product_id": "CSAFPID-0043"
}
}
],
"category": "product_name",
"name": "VXT PXIe Transceivers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cApril/5/2023",
"product": {
"name": "WaveJudge Wireless Analyzer Apps: \u003cApril/5/2023",
"product_id": "CSAFPID-0044"
}
}
],
"category": "product_name",
"name": "WaveJudge Wireless Analyzer Apps"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "X-Series Signal Analyzers: vers:all/*",
"product_id": "CSAFPID-0045"
}
}
],
"category": "product_name",
"name": "X-Series Signal Analyzers"
}
],
"category": "vendor",
"name": "Keysight "
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1967",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "summary",
"text": "Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1967"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Keysight has developed a mitigation for supported Keysight products that contain this vulnerability. They recommend that users install the updated versions as soon as possible. Older versions of impacted software may have this vulnerability; Keysight recommends that users discontinue the use of these older versions and uninstall them. To check whether your products are impacted, and to get the latest versions, use the Keysight Product Lookup Tool",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045"
],
"url": "https://www.keysight.com/us/en/about/quality-and-security/security/product-and-solution-cyber-security/security-advisory-archive/security-advisory--cve-2023-1967.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045"
]
}
]
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.