James Fitts

**Name of the Vulnerable Software and Affected Versions** LAquis SCADA software versions prior to 4.1.0.3237 **Description** The issue concerns a directory traversal information disclosure problem. It arises because the software does not properly neutralize external input, allowing users to potentially access absolute path sequences outside of their intended privilege level. **Recommendations** For LAquis SCADA software versions prior to 4.1.0.3237, update to version 4.1.0.3237 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** VIPA Controls WinPLC7 versions 5.0.45.5921 and prior **Description** A Stack Buffer Overflow issue has been discovered, allowing an attacker with a specially crafted packet to overflow the fixed length buffer, potentially enabling remote code execution. **Recommendations** For VIPA Controls WinPLC7 versions 5.0.45.5921 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fatek Automation PLC WinProladder version 3.11 Build 14701 **Description** A stack-based buffer overflow issue exists when the software connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution. **Recommendations** For Fatek Automation PLC WinProladder version 3.11 Build 14701, consider restricting connections to trusted servers to minimize the risk of exploitation. As a temporary workaround, implement additional network security measures to block potential malicious connections until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech SUISAccess Server versions 3.0 and prior **Description** The issue allows an attacker to traverse the file system and extract files, resulting in information disclosure. This is related to the `downloadCSV` file parameter. **Recommendations** For Advantech SUISAccess Server versions 3.0 and prior, consider restricting access to the `downloadCSV` file parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infinite Automation Mango Automation versions 2.5.x through 2.6.0 build 430 **Description** The issue allows remote authenticated users to execute arbitrary OS commands. **Recommendations** For versions 2.5.x through 2.6.0 build 430, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AlienVault OSSIM versions prior to 4.7.0 **Description** The issue allows remote attackers to execute arbitrary commands via crafted requests to specific API endpoints, including `update system info debian package`, `ossec task`, `set ossim setup admin ip`, `sync rserver`, and `set ossim setup framework ip`. This is a remote code execution issue. **Recommendations** For versions prior to 4.7.0, update to version 4.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is available. Avoid using the vulnerable functions `update system info debian package`, `ossec task`, `set ossim setup admin ip`, `sync rserver`, and `set ossim setup framework ip` in the affected AlienVault OSSIM versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AlienVault OSSIM versions prior to 4.7.0 **Description** The issue allows remote attackers to execute arbitrary commands via crafted requests to the av-centerd SOAP service. Specifically, this can be done through the `get license`, `get log line`, or `update system/upgrade pro web` requests. **Recommendations** For versions prior to 4.7.0, update to version 4.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `get license`, `get log line`, and `update system/upgrade pro web` requests in the av-centerd SOAP service until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** InduSoft Web Studio version 7.1 before SP2 Patch 4 **Description** The issue allows remote attackers to read administrative passwords in APP files and execute arbitrary code via unspecified web requests. This is due to a directory traversal vulnerability in NTWebServer. **Recommendations** For InduSoft Web Studio version 7.1 before SP2 Patch 4, apply SP2 Patch 4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WellinTech KingSCADA versions prior to 3.1.2.13 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a crafted packet. This can lead to remote code execution. **Recommendations** For versions prior to 3.1.2.13, update to version 3.1.2.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intergraph ERDAS ER Viewer versions prior to 13.0.1.1301 **Description** The issue is a stack-based buffer overflow in the ermapper u.dll component, which can be triggered by a crafted ERS file. This can lead to the execution of arbitrary code or cause a denial of service, resulting in an application crash. **Recommendations** For versions prior to 13.0.1.1301, update to version 13.0.1.1301 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intergraph ERDAS ER Viewer versions prior to 13.0.1.1301 **Description** The issue is related to a stack-based buffer overflow in the `rf report error` function, which can be triggered by a long string in an ERS file. This can lead to the execution of arbitrary code or cause the application to crash. **Recommendations** For versions prior to 13.0.1.1301, update to version 13.0.1.1301 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Brocade Network Advisor versions prior to 12.1.0 **Description** The issue allows remote attackers to execute arbitrary code by using a servlet to upload an executable file. This is related to the FileUploadController Servlet in EMC Connectrix Manager Converged Network Edition. **Recommendations** For versions prior to 12.1.0, update to version 12.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the servlet functionality to minimize the risk of exploitation. Restrict access to the vulnerable servlets, such as UnifiedFileUploadMoreInfoServlet, BootFileUploadMoreInfoServlet, and SoftwareFileUploadMoreInfoServlet, to prevent remote code execution.

**Name of the Vulnerable Software and Affected Versions** EMC AlphaStor versions 4.0 before build 910 **Description** The issue is related to a buffer overflow in the Library Control Program (LCP) that allows remote attackers to execute arbitrary code via crafted commands. **Recommendations** For versions 4.0 before build 910, update to a version that includes build 910 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Carel PlantVisor versions 2.4.4 and earlier **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files by including a .. (dot dot) in an HTTP GET request. **Recommendations** For Carel PlantVisor versions 2.4.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.