John Stock

**Name of the Vulnerable Software and Affected Versions** Kabona AB WebDatorCentral (WDC) versions prior to 3.4.0 **Description** An issue was discovered in the Kabona AB WebDatorCentral (WDC) application where the web server URL inputs are not sanitized correctly, potentially allowing cross-site scripting vulnerabilities. **Recommendations** For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Kabona AB WebDatorCentral (WDC) versions prior to 3.4.0 **Description** An issue was discovered in the Kabona AB WebDatorCentral (WDC) application, which is related to a non-validated redirect or non-validated forward, also known as an open redirect. This issue can be chained with authenticated vulnerabilities. **Recommendations** For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Sauter moduWeb Vision versions prior to 1.6.0 **Description** The issue is related to the transmission of data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. This is due to a web server vulnerability in the visualization of BACnet/IP network controllers. **Recommendations** For versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting network access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sauter moduWeb Vision versions prior to 1.6.0 **Description** The issue is related to errors in security settings, allowing remote attackers to bypass authentication by leveraging knowledge of a password hash without knowing the associated password. **Recommendations** For versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the moduWeb Vision interface until the update is applied.