Jony Schats

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue is related to an authentication flaw that allows an attacker to generate a web report, potentially disclosing sensitive information such as internal IP addresses, usernames, store names, and other sensitive data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface, potentially leading to a full system compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system. The issue allows for the execution of arbitrary commands, potentially leading to significant system compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Danfoss AK-EM100 (affected versions not specified) **Description** The issue concerns Reflected Cross-Site Scripting in the `title` parameter of the web application. This allows for potential malicious script injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Danfoss AK-EM100 (affected versions not specified) **Description** The issue concerns Local File Inclusion in the `file` parameter of the web application. This allows for potential access to sensitive files on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Danfoss AK-EM100 (affected versions not specified) **Description** The issue allows an authenticated user to perform OS command injection through web application parameters. This can potentially lead to unauthorized access and control of the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Danfoss AK-EM100 (affected versions not specified) **Description** The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames, and internal device values. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Danfoss AK-EM100 (affected versions not specified) **Description** The issue concerns Reflected Cross-Site Scripting in the web applications of Danfoss AK-EM100. This allows for malicious scripts to be reflected off a vulnerable web application to the user's browser, potentially leading to unauthorized actions on behalf of the user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Danfoss AK-EM100 (affected versions not specified) **Description** The issue concerns SQL injection in the login forms of the web interface. This allows for potential unauthorized access or manipulation of data. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Danfoss AK-EM100 (affected versions not specified) **Description** The issue concerns the storage of login credentials in cleartext. This means that the credentials are not encrypted, potentially allowing unauthorized access. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 SolarView Compact SV-CPT-MC310F versions prior to Ver.8.10 **Description** The issue is related to the use of hard-coded credentials, which may allow a remote authenticated attacker to log in to the affected product with administrative privileges and perform unintended operations. **Recommendations** For SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, update to Ver.8.10 or later to resolve the issue. For SolarView Compact SV-CPT-MC310F versions prior to Ver.8.10, update to Ver.8.10 or later to resolve the issue.