Patrick Muench

**Nome do software vulnerável e versões afetadas** Dispositivos PLCnext Control da Phoenix Contact, versões anteriores à 2021.0 LTS **Descrição** A vulnerabilidade permite que um invasor abra um shell reverso com privilégios de root. **Recomendações** Para versões anteriores à 2021.0 LTS, atualize para a versão 2021.0 LTS ou posterior para resolver o problema.

**Nome do software vulnerável e versões afetadas** Dispositivos PLCnext Control da Phoenix Contact em versões anteriores à 2021.0 LTS **Descrição** A vulnerabilidade permite que um invasor obtenha informações confidenciais mal protegidas, o que pode ser usado para planejar novos ataques. **Recomendações** Para versões anteriores à 2021.0 LTS, atualize para a versão 2021.0 LTS ou posterior para resolver o problema.

**Nome do software vulnerável e versões afetadas** Dispositivos PLCnext Control da Phoenix Contact em versões anteriores à 2021.0 LTS **Descrição** A vulnerabilidade permite que um usuário autenticado com privilégios limitados insira código JavaScript malicioso, podendo obter direitos de administrador quando um usuário administrador acessa o site vulnerável. Trata-se de um caso de escalonamento de privilégios local. **Recomendações** Para versões anteriores à 2021.0 LTS, atualize para a versão 2021.0 LTS ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso ao site vulnerável para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas: GitLab Enterprise versão 12.0.0-pre Descrição: A vulnerabilidade permite que invasores remotos autenticados leiam os registros do Docker de outros grupos. Isso ocorre quando um usuário legítimo altera o caminho de um grupo e os registros do Docker não são atualizados, permanecendo no namespace antigo e ficando disponíveis para todos os outros usuários que não tinham acesso prévio ao repositório. Recomendações: Para o GitLab Enterprise versão 12.0.0-pre, considere restringir o acesso aos registros do Docker até que uma correção esteja disponível para impedir o acesso não autorizado. Como solução temporária, evite alterar o caminho de um grupo para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** ARP-GUARD version 4.0.0-5 **Description** A SQL injection issue allows unauthenticated remote attackers to execute arbitrary SQL commands. This is achieved via the `user id` parameter in a "/login/forgot1" POST request. **Recommendations** For ARP-GUARD version 4.0.0-5, avoid using the `user id` parameter in the "/login/forgot1" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SECUDOS DOMOS versions prior to 5.6 **Description** The issue concerns the Log module in SECUDOS DOMOS, which allows local file inclusion. **Recommendations** For versions prior to 5.6, update to version 5.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SECUDOS DOMOS versions prior to 5.6 **Description** The issue affects the Log module, allowing for cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 5.6, update to version 5.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** eQ-3 AG Homematic CCU3 versions 3.43.15 and earlier **Description** The issue allows unauthenticated remote attackers to disclose password hashes of GUI users through the User.getUserPWD method. This can be exploited by attackers with access to the web interface. **Recommendations** For versions 3.43.15 and earlier, update to a version that fixes this issue to prevent unauthenticated password hash disclosure. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Lifesize Icon version 3.7.0 (2421) **Description** A Remote Code Execution issue in the DNS Query Web UI allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request. **Recommendations** For version 3.7.0 (2421), consider disabling access to the DNS Query Web UI until a patch is available to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** eQ-3 AG Homematic CCU3 versions 3.43.15 and earlier **Description** The issue allows remote attackers to read arbitrary files of the device's filesystem through Directory Traversal or Arbitrary File Read. This can be exploited by unauthenticated attackers with access to the web interface. **Recommendations** For versions 3.43.15 and earlier, update to a version later than 3.43.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Semcosoft version 5.3 **Description** A reflected Cross-Site scripting issue allows remote attackers to inject arbitrary web scripts or HTML via the `username` parameter to the "Login Form" API endpoint. **Recommendations** For Semcosoft version 5.3, consider validating and sanitizing user input for the `username` parameter in the Login Form to prevent arbitrary script injection. As a temporary workaround, restrict access to the Login Form until a patch is available.

**Name of the Vulnerable Software and Affected Versions** eQ-3 AG HomeMatic CCU2 version 2.29.22 **Description** The issue allows exploitation by sending arbitrary XML-RPC requests to control attached BidCos devices, due to an open XML-RPC port without authentication. **Recommendations** For version 2.29.22, consider restricting access to the XML-RPC port to minimize the risk of exploitation. As a temporary workaround, limit control of the attached BidCos devices until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eQ-3 AG HomeMatic CCU2 version 2.29.22 **Description** The issue concerns the download of software update packages via the HTTP protocol, which lacks cryptographic protection. An attacker with a privileged network position can exploit this to provide malicious firmware updates, potentially resulting in a full system compromise. **Recommendations** For eQ-3 AG HomeMatic CCU2 version 2.29.22, consider disabling the `loopupd.sh` script in `/usr/local/etc/config/addons/mh/` as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** eQ-3 AG Homematic CCU2 versions 2.29.2 and earlier **Description** The issue allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem through the User.getLanguage method. This can be exploited by unauthenticated attackers with access to the web interface. **Recommendations** For versions 2.29.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eQ-3 AG Homematic CCU2 versions 2.29.2 and earlier **Description** The issue allows authenticated attackers to perform Remote Code Execution in the addon installation process. This enables them to create or overwrite arbitrary files or install malicious software on the device. **Recommendations** For versions 2.29.2 and earlier, update to a version later than 2.29.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** eQ-3 AG Homematic CCU2 versions 2.29.2 and earlier **Description** The issue is related to a method called `User.setLanguage` and is associated with security mechanism weaknesses. This allows remote attackers to write arbitrary files to the device's filesystem and potentially execute arbitrary code on the device using the web interface. The vulnerability can be exploited by unauthenticated attackers with access to the web interface. **Recommendations** For versions 2.29.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eQ-3 AG Homematic CCU2 versions 2.29.2 and earlier **Description** The issue is related to a Remote Code Execution vulnerability in the TCL script interpreter. This allows remote attackers to obtain read/write access and execute system commands on the device. The vulnerability can be exploited by unauthenticated attackers with access to the web interface. It is associated with shortcomings in the security mechanisms of the TCL script interpreter, enabling remote attackers to read and write arbitrary files and execute system commands on the device using the web interface. **Recommendations** For versions 2.29.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.