Luigi Auriemma

**Name of the Vulnerable Software and Affected Versions** murmur-server (affected versions not specified) **Description** The issue is related to a Denial of Service (DoS) condition caused by a malformed client query. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ecava IntegraXor versions prior to 4.1.4393 **Description** The issue allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. This is related to an information disclosure vulnerability. **Recommendations** For versions prior to 4.1.4393, update to version 4.1.4393 or later to resolve the issue. As a temporary workaround, consider restricting access to the guest role to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ecava IntegraXor versions prior to 4.1.4390 **Description** The issue is related to a stack-based buffer overflow in the SCADA server, which can be triggered by remote attackers to cause a denial of service, resulting in a system crash. This occurs when access is attempted to DLL code located in the IntegraXor directory. **Recommendations** For versions prior to 4.1.4390, update to version 4.1.4390 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ecava IntegraXor versions prior to 4.1.4369 **Description** The issue allows remote attackers to read arbitrary project backup files by using a crafted URL. **Recommendations** For versions prior to 4.1.4369, update to version 4.1.4369 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BlackBerry QNX Neutrino RTOS versions prior to 6.5.0 SP1 **Description** The issue is related to a buffer overflow in phrelay, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted packets to TCP port 4868. This is due to improper handling of the /dev/photon device file. **Recommendations** For versions prior to 6.5.0 SP1, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to TCP port 4868 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PROMOTIC versions prior to 8.1.5 **Description** A directory traversal issue exists in the PmWebDir object within the web server of MICROSYS PROMOTIC, allowing remote attackers to read arbitrary files. **Recommendations** For versions prior to 8.1.5, update to version 8.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MICROSYS PROMOTIC versions prior to 8.1.5 **Description** A stack-based buffer overflow issue exists in an ActiveX component, allowing remote attackers to cause a denial of service via a crafted web page. **Recommendations** For versions prior to 8.1.5, update to version 8.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MICROSYS PROMOTIC versions prior to 8.1.5 **Description** A heap-based buffer overflow issue exists in an ActiveX component, allowing remote attackers to cause a denial of service via a crafted web page. **Recommendations** For versions prior to 8.1.5, update to version 8.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HP iNode Management Center versions prior to iNode PC 5.1 E0304 **Description** The issue involves multiple unspecified vulnerabilities that allow remote attackers to execute arbitrary code via crafted input. A specific example is a stack-based buffer overflow in iNodeMngChecker.exe when processing a crafted 0x0A0BF007 packet. **Recommendations** For versions prior to iNode PC 5.1 E0304, update to iNode PC 5.1 E0304 or later to resolve the issue. As a temporary workaround, consider restricting access to the iNodeMngChecker.exe to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sielco Sistemi Winlog Pro SCADA versions prior to 2.07.17 Sielco Sistemi Winlog Lite SCADA versions prior to 2.07.17 **Description** The issue allows remote attackers to cause a denial of service, potentially resulting in an invalid 0x00 write operation and daemon crash, via a crafted TCP packet sent to port 46824. The packet must contain a crafted positive integer after the opcode. **Recommendations** For Sielco Sistemi Winlog Pro SCADA versions prior to 2.07.17, update to version 2.07.17 or later. For Sielco Sistemi Winlog Lite SCADA versions prior to 2.07.17, update to version 2.07.17 or later.

**Name of the Vulnerable Software and Affected Versions** Sielco Sistemi Winlog Pro SCADA versions prior to 2.07.17 Sielco Sistemi Winlog Lite SCADA versions prior to 2.07.17 **Description** The issue allows remote attackers to read arbitrary files via port 46824 TCP packets. This is achieved by specifying a file-open operation with opcode `0x78` and a `..` (dot dot) in a pathname, followed by a file-read operation with opcode `0x96`, `0x97`, or `0x98`. **Recommendations** For Sielco Sistemi Winlog Pro SCADA versions prior to 2.07.17, update to version 2.07.17 or later. For Sielco Sistemi Winlog Lite SCADA versions prior to 2.07.17, update to version 2.07.17 or later.

**Name of the Vulnerable Software and Affected Versions** Winlog Pro SCADA versions prior to 2.07.18 Winlog Lite SCADA versions prior to 2.07.18 **Description** The issue allows remote attackers to execute arbitrary code via a crafted TCP packet sent to port 46824, containing a negative integer after the opcode. This triggers incorrect function-pointer processing, potentially leading to a buffer overflow. **Recommendations** For Winlog Pro SCADA versions prior to 2.07.18, update to version 2.07.18 or later. For Winlog Lite SCADA versions prior to 2.07.18, update to version 2.07.18 or later.

**Name of the Vulnerable Software and Affected Versions** Sielco Sistemi Winlog Pro SCADA versions prior to 2.07.17 Sielco Sistemi Winlog Lite SCADA versions prior to 2.07.17 **Description** The issue allows remote attackers to execute arbitrary code via a crafted TCP packet on port 46824. This is achieved by sending a packet with a crafted positive integer after the opcode, which triggers incorrect function-pointer processing and can lead to a buffer overflow. **Recommendations** For Sielco Sistemi Winlog Pro SCADA versions prior to 2.07.17, update to version 2.07.17 or later. For Sielco Sistemi Winlog Lite SCADA versions prior to 2.07.17, update to version 2.07.17 or later.

**Name of the Vulnerable Software and Affected Versions** Sielco Sistemi Winlog Pro SCADA versions prior to 2.07.18 Sielco Sistemi Winlog Lite SCADA versions prior to 2.07.18 **Description** The issue is related to the lack of validation of the return value of the `realloc` function, which can be exploited by remote attackers. This can be achieved by sending a crafted TCP packet to port 46824 with a negative integer after the opcode, potentially causing a denial of service due to an invalid 0x00 write operation and daemon crash. There may be other unspecified impacts. **Recommendations** For Sielco Sistemi Winlog Pro SCADA versions prior to 2.07.18, update to version 2.07.18 or later. For Sielco Sistemi Winlog Lite SCADA versions prior to 2.07.18, update to version 2.07.18 or later.

**Name of the Vulnerable Software and Affected Versions** Sielco Sistemi Winlog Pro SCADA versions prior to 2.07.17 Sielco Sistemi Winlog Lite SCADA versions prior to 2.07.17 **Description** A stack-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a crafted TCP packet on port 46824. This occurs due to an incorrect file-open attempt triggered by the ` TCPIPS BinOpenFileFP` function. **Recommendations** For Sielco Sistemi Winlog Pro SCADA versions prior to 2.07.17, update to version 2.07.17 or later. For Sielco Sistemi Winlog Lite SCADA versions prior to 2.07.17, update to version 2.07.17 or later.

**Name of the Vulnerable Software and Affected Versions** Samsung D6000 TV (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a long string in certain fields. This can be demonstrated using the MAC address field and may be related to a buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung D6000 TV (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in a continuous restart, by using a crafted controller name. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung NET-i viewer versions 1.37.120316 **Description** The issue allows remote attackers to execute arbitrary code. It is related to the ConnectDDNS method in the STWConfigNVR and STWConfig ActiveX controls. **Recommendations** For Samsung NET-i viewer version 1.37.120316, consider disabling the ConnectDDNS method in the STWConfigNVR and STWConfig ActiveX controls as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung NET-i viewer version 1.37.120316 **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This can be achieved by sending a TCP request with a negative size value to specific services, including "NiwMasterService" or "NiwStorageService". **Recommendations** For Samsung NET-i viewer version 1.37.120316, consider restricting access to the NiwMasterService and NiwStorageService until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Samsung NET-i viewer versions 1.37.120316 **Description** The issue is related to multiple stack-based buffer overflows in the BackupToAvi method within the UMS Ctrl and UMS Ctrl STW ActiveX controls. This allows remote attackers to execute arbitrary code via a long string in the `fname` parameter. **Recommendations** For Samsung NET-i viewer version 1.37.120316, consider disabling the BackupToAvi method until a patch is available. Restrict access to the UMS Ctrl and UMS Ctrl STW ActiveX controls to minimize the risk of exploitation. Avoid using the `fname` parameter in the affected API endpoint until the issue is resolved.