B0Nd

**Name of the Vulnerable Software and Affected Versions** Omron CX-Supervisor versions 3.4.1.0 and prior **Description** The issue allows an attacker to force the application to read a value outside of an array by tampering with the value of an offset when processing project files. This can lead to information disclosure. **Recommendations** For Omron CX-Supervisor versions 3.4.1.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LAquis SCADA versions 4.1.0.3870 and prior Description: The issue is related to a buffer overflow in memory due to improper data recording. This can be exploited by an attacker using a specially crafted file, potentially allowing the execution of arbitrary code. The vulnerability is also related to the application's failure to sanitize user input when processing project files, which may enable an attacker to execute code under the current process. Recommendations: For LAquis SCADA versions 4.1.0.3870 and prior, consider restricting the processing of project files from untrusted sources until a patch is available. As a temporary workaround, avoid using specially crafted files that could trigger the buffer overflow issue. Restrict access to the `LQS File Parsing` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior **Description** The issue is related to a stack-based buffer overflow that occurs when parsing .dpa files. This happens because the software uses a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. **Recommendations** For Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior, as a temporary workaround, consider restricting the use of .dpa files until a patch is available. Avoid using the vulnerable DOPSoft version to parse .dpa files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior **Description** The issue is related to improper restriction of operations within the bounds of a memory buffer. This occurs when the software performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. As a result, it may allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash. **Recommendations** For Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LAquis SCADA versions 4.1.0.3870 and prior Description: The issue is related to out-of-bounds read vulnerabilities in the LQS file parsing functionality of LAquis SCADA, which may allow remote code execution. This is due to a buffer overflow in memory. The vulnerability can be exploited by a remote attacker to execute arbitrary code. Recommendations: For LAquis SCADA versions 4.1.0.3870 and prior, consider disabling the LQS file parsing functionality until a patch is available to prevent potential remote code execution. Restrict access to the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iSharer File Sharing Wizard version 1.5.0 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long HEAD request. **Recommendations** For iSharer File Sharing Wizard version 1.5.0, update to a newer version that contains a fix for this issue.