Sergio Apellániz

**Name of the Vulnerable Software and Affected Versions** Control de Ciber version 1.650 **Description** The issue is a Denial of Service condition that affects Control de Ciber through the version function. Sending a malicious request could cause the server to check if an unrecognized component is up to date, resulting in a memory failure error that shuts down the process. **Recommendations** For Control de Ciber version 1.650, as a temporary workaround, consider disabling the version function until a patch is available. Restrict access to the version function to minimize the risk of exploitation. Avoid sending malicious requests to the server to prevent the Denial of Service condition. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Control de Ciber version 1.650 **Description** The issue is a Buffer Overflow vulnerability in the printing function. It occurs when an administrator tries to accept or delete a print query created by a modified request sent by an attacker. This could potentially cause a Buffer Overflow. **Recommendations** For Control de Ciber version 1.650, consider disabling the printing function until a patch is available to prevent potential exploitation. Restrict access to the printing function to minimize the risk of a Buffer Overflow. Avoid using the printing function in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cyber Control version 1.650 **Description** The issue affects the generation of pop-up windows on the server with specific messages, including "PNTMEDIDAS", "PEDIR", "HAYDISCOA", or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core. **Recommendations** For Cyber Control version 1.650, as a temporary workaround, consider restricting the generation of pop-up windows with the specified messages until a patch is available. Additionally, limiting simultaneous requests on a core may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.