PT-2018-1148 · Dewesoft · Dewesoft X3 Sp1

Hyp3Rlinx +1 · Published 2018-02-09 · Updated 2018-04-12 · CVE-2018-7756

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

DEWESoft X3 SP1 (64-bit)

Description

The issue is in RunExeFile.exe in the installer, which does not require authentication for sessions on TCP port 1999. This allows remote attackers to execute arbitrary code or access internal commands. For example, a RUN command can launch a .EXE file from an arbitrary external URL, or a "SETFIREWALL Off" command can be executed.

Recommendations

For DEWESoft X3 SP1 (64-bit), consider restricting access to TCP port 1999 until a patch is available. As a temporary workaround, avoid using the RunExeFile.exe feature to execute external files or commands until the issue is resolved. Restrict access to internal commands to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related identifiers

BDU:2018-00585
CVE-2018-7756

Affected products

Dewesoft X3 Sp1