Esteban Ruiz

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Reader versions 2019.010.20100 and earlier Adobe Acrobat and Reader versions 2017.011.30140 and earlier Adobe Acrobat and Reader versions 2015.006.30495 and earlier **Description** A use-after-free issue exists, which could lead to arbitrary code execution if successfully exploited. This allows attackers to execute arbitrary code. **Recommendations** For versions 2019.010.20100 and earlier, update to a version later than 2019.010.20100 to resolve the issue. For versions 2017.011.30140 and earlier, update to a version later than 2017.011.30140 to resolve the issue. For versions 2015.006.30495 and earlier, update to a version later than 2015.006.30495 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Reader versions 2019.010.20100 and earlier Adobe Acrobat and Reader versions 2017.011.30140 and earlier Adobe Acrobat and Reader versions 2015.006.30495 and earlier **Description** The issue is an out-of-bounds write vulnerability that could lead to arbitrary code execution if successfully exploited. This vulnerability allows attackers to execute arbitrary code. **Recommendations** For Adobe Acrobat and Reader versions 2019.010.20100 and earlier, update to a version later than 2019.010.20100 to resolve the issue. For Adobe Acrobat and Reader versions 2017.011.30140 and earlier, update to a version later than 2017.011.30140 to resolve the issue. For Adobe Acrobat and Reader versions 2015.006.30495 and earlier, update to a version later than 2015.006.30495 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Reader versions 2019.010.20100 and earlier Adobe Acrobat and Reader versions 2017.011.30140 and earlier Adobe Acrobat and Reader versions 2015.006.30495 and earlier **Description** The issue is related to an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. This vulnerability affects the Adobe Acrobat and Reader products, allowing a remote attacker to execute arbitrary code due to a buffer overflow in memory. **Recommendations** For versions 2019.010.20100 and earlier, update to a version later than 2019.010.20100 to resolve the issue. For versions 2017.011.30140 and earlier, update to a version later than 2017.011.30140 to resolve the issue. For versions 2015.006.30495 and earlier, update to a version later than 2015.006.30495 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Omron CX-Programmer versions 9.70 and prior Common Components versions January 2019 and prior **Description** The issue arises when the application processes project files, specifically due to a failure in checking references to freed memory. This can be exploited by an attacker using a specially crafted project file, potentially leading to the execution of code under the application's privileges. **Recommendations** For Omron CX-Programmer versions 9.70 and prior, consider disabling the project file processing feature until a patch is available. For Common Components versions January 2019 and prior, restrict access to project file parsing functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CX-Supervisor versions 3.42 and prior **Description** The issue is related to an access of uninitialized pointer vulnerability when processing project files, which could lead to type confusion. An attacker could exploit this by using a specially crafted project file to execute code under the privileges of the application. **Recommendations** For CX-Supervisor versions 3.42 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LCDS Laquis SCADA versions prior to 4.1.0.4150 **Description** The issue allows an attacker to supply a pointer for a controlled memory address using a specially crafted project file. This may lead to remote code execution, data exfiltration, or cause a system crash. **Recommendations** For versions prior to 4.1.0.4150, update to version 4.1.0.4150 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CX-Supervisor versions 3.42 and prior **Description** The issue allows an attacker to inject commands that can delete files or the contents of a file through a specially crafted project file. This can potentially lead to arbitrary file deletion. **Recommendations** For CX-Supervisor versions 3.42 and prior, update to a version later than 3.42 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LCDS Laquis SCADA versions prior to 4.1.0.4150 **Description** The issue allows execution of script code by opening a specially crafted report format file, which may lead to remote code execution, data exfiltration, or cause a system crash. Multiple vulnerabilities have been identified in the LAquis SCADA LGX Report, including path traversal, information disclosure, remote code execution, and arbitrary file creation. **Recommendations** For versions prior to 4.1.0.4150, update to version 4.1.0.4150 or later to resolve the issue. As a temporary workaround, consider restricting the opening of report format files from untrusted sources until a patch is available. Avoid using the LGX Report feature until the issue is resolved. Restrict access to the LGX Report module to minimize the risk of exploitation. Consider disabling the `ShellExecute` function and other vulnerable functions until a patch is available. At the moment, there is no other information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LCDS Laquis SCADA versions prior to 4.1.0.4150 **Description** The issue allows an attacker to execute remote code on the server due to improper sanitation of user input. This can be achieved through command injection vulnerabilities in various components of the LAquis SCADA Web Server, including the relatorioindividual TAG, acompanhamentotela TAGALTERE, acompanhamentotela PAGINA, and relatorioindividual TITULO. **Recommendations** For versions prior to 4.1.0.4150, update to version 4.1.0.4150 or later to resolve the issue. As a temporary workaround, consider restricting access to the LAquis SCADA Web Server to minimize the risk of exploitation. Avoid using user input in the affected components until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LCDS Laquis SCADA versions prior to 4.1.0.4150 **Description** The issue allows a user-supplied path in file operations prior to proper validation, which can be leveraged by an attacker to disclose sensitive information under the context of the web server process. **Recommendations** For versions prior to 4.1.0.4150, update to version 4.1.0.4150 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LCDS Laquis SCADA versions prior to 4.1.0.4150 **Description** The issue allows an authentication bypass, which may enable an attacker to access sensitive data. **Recommendations** For versions prior to 4.1.0.4150, update to version 4.1.0.4150 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OMRON CX-Supervisor versions 3.42 and prior **Description** The issue allows code injection into a project file, which can be exploited by an attacker to execute code under the privileges of the application. **Recommendations** For versions 3.42 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LCDS Laquis SCADA versions prior to 4.1.0.4150 **Description** The issue allows for an out of bounds read when opening a specially crafted project file. This may cause a system crash or allow data exfiltration. **Recommendations** For versions prior to 4.1.0.4150, update to version 4.1.0.4150 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CX-Supervisor versions 3.42 and prior **Description** A type confusion issue exists when processing project files, allowing an attacker to use a specially crafted project file to exploit and execute code under the privileges of the application. **Recommendations** For versions 3.42 and prior, update to a version later than 3.42 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LCDS Laquis SCADA versions prior to 4.1.0.4150 **Description** The issue allows the opening of a specially crafted report format file, which may cause an out of bounds read. This can lead to a system crash, allow data exfiltration, or enable remote code execution. **Recommendations** For versions prior to 4.1.0.4150, update to version 4.1.0.4150 or later to resolve the issue. As a temporary workaround, consider restricting the opening of report format files from untrusted sources until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** LCDS Laquis SCADA versions prior to 4.1.0.4150 **Description** The issue allows an attacker to execute remote code on the server due to improper authorization or sanitation of user input. This can be achieved through command injection in certain parameters, such as `relatorionome TAG`, `relatorionome TITULO`, and `relatorionome NOME`. **Recommendations** For versions prior to 4.1.0.4150, update to version 4.1.0.4150 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected parameters `relatorionome TAG`, `relatorionome TITULO`, and `relatorionome NOME` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CX-One versions 4.42 and prior CX-Programmer versions 9.66 and prior CX-Server versions 5.0.23 and prior **Description** The issue is related to the use of memory after it has been freed, which can be exploited by an attacker using a specially crafted project file to execute code under the privileges of the application. This vulnerability affects the Omron CX-Programmer development environment, used for programming and configuring Omron PLCs, and the CX-Server system, which ensures compatibility between Omron devices. **Recommendations** For CX-One versions 4.42 and prior, consider disabling the project file processing feature until a patch is available. For CX-Programmer versions 9.66 and prior, restrict access to the CXP file parsing functionality to minimize the risk of exploitation. For CX-Server versions 5.0.23 and prior, avoid using the vulnerable version of the CX-Server system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Omron CX-Supervisor versions 3.4.1.0 and prior **Description** The issue allows an attacker to force the application to read a value outside of an array by tampering with the value of an offset when processing project files. This can lead to information disclosure. **Recommendations** For Omron CX-Supervisor versions 3.4.1.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.2.0.9297 **Description** This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of the `Form count` property due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit Reader version 9.2.0.9297, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.2.0.9297 **Description** This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of the `setElement` method due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit Reader version 9.2.0.9297, at the moment, there is no information about a newer version that contains a fix for this vulnerability.