T4Rkd3Vilz

**Name of the Vulnerable Software and Affected Versions** Grundig Smart Inter@ctive TV version 3.0 **Description** The issue allows for CSRF attacks via a POST request to TCP port 8085, utilizing a predictable ID value. For example, a request to the API endpoint "/sendrcpackage" with parameters such as `keyid` and `keysymbol` can be used to shut off the device. **Recommendations** For Grundig Smart Inter@ctive TV version 3.0, as a temporary workaround, consider restricting access to the TCP port 8085 to minimize the risk of exploitation. Avoid using the `/sendrcpackage` API endpoint with parameters like `keyid` and `keysymbol` until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Delta Industrial Automation COMMGR versions 1.08 and prior Description: The issue is related to a fixed-length stack buffer that can be overwritten when an unverified length value is read from network packets via a specific network port. This can lead to remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server. Recommendations: For Delta Industrial Automation COMMGR versions 1.08 and prior, consider disabling the network port that accepts unverified length values until a patch is available to prevent potential remote code execution or denial-of-service conditions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tor versions 0.3.2.x through 0.3.2.9 **Description** A use-after-free issue was discovered, allowing remote attackers to cause a denial of service because the KIST implementation allows a channel to be added more than once in the pending list. **Recommendations** For Tor versions 0.3.2.x through 0.3.2.9, update to version 0.3.2.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the KIST implementation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Schneider Electric IONXXXX series power meters versions (affected versions not specified) Schneider Electric ION73XX series power meters versions (affected versions not specified) Schneider Electric ION75XX series power meters versions (affected versions not specified) Schneider Electric ION76XX series power meters versions (affected versions not specified) Schneider Electric ION8650 series power meters versions (affected versions not specified) Schneider Electric ION8800 series power meters versions (affected versions not specified) Schneider Electric PM5XXX series power meters versions (affected versions not specified) **Description** The issue is related to the lack of a CSRF Token to authenticate users during sessions. This allows unauthorized configuration changes to be made and saved. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Siemens SCALANCE S613 (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in a web-server outage. This can be achieved by sending traffic to TCP port 443. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation Allen-Bradley CompactLogix 1769-L* versions prior to 28.011 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 28.011, update to version 28.011 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-300 CPU devices (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in a defect-mode transition. This can be achieved by sending crafted packets on either TCP port 102 or via Profibus. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-1500 CPU devices versions prior to 1.6 **Description** The issue allows remote attackers to cause a denial of service, resulting in a device restart and STOP transition, via crafted TCP packets. **Recommendations** For versions prior to 1.6, update the firmware to version 1.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Honeywell FALCON XLWeb Linux controller devices versions 2.04.01 and earlier Honeywell FALCON XLWeb XLWebExe controller devices versions 2.02.11 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via invalid input, which can lead to cross-site scripting (XSS) attacks. This occurs due to multiple XSS vulnerabilities in the affected devices. **Recommendations** For Honeywell FALCON XLWeb Linux controller devices versions 2.04.01 and earlier, update to a version later than 2.04.01 to resolve the issue. For Honeywell FALCON XLWeb XLWebExe controller devices versions 2.02.11 and earlier, update to a version later than 2.02.11 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-1200 CPU devices versions 2.x through 3.x **Description** A cross-site scripting (XSS) issue exists in the integrated web server, allowing remote attackers to inject arbitrary web script or HTML. This could potentially lead to unauthorized access or control of the device. **Recommendations** For versions 2.x through 3.x, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Schneider Electric Quantum versions 140NOE77111, 140NOE77101, and 140NWM10000 Schneider Electric M340 versions BMXNOC0401, BMXNOE0100x, and BMXNOE011xx Schneider Electric Premium versions TSXETY4103, TSXETY5103, and TSXWMY100 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands. This can be achieved by modifying HTTP credentials. The vulnerability can also be exploited by an attacker to launch a script in the context of the current user's security using a specially crafted website. **Recommendations** For Schneider Electric Quantum versions 140NOE77111, 140NOE77101, and 140NWM10000, update the firmware to prevent CSRF attacks. For Schneider Electric M340 versions BMXNOC0401, BMXNOE0100x, and BMXNOE011xx, restrict access to the web interface until a patch is available. For Schneider Electric Premium versions TSXETY4103, TSXETY5103, and TSXWMY100, consider disabling the web server functionality as a temporary workaround until a fix is provided. As a general mitigation measure, restrict access to the vulnerable PLC modules to minimize the risk of exploitation.