Aleksandr Tlyapov

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Monitoring versions 6.3.0.7 through 6.3.0.7 Service Pack 21 **Description** The software contains a directory traversal flaw. A remote attacker can exploit this by sending specially crafted URL requests containing "dot dot" sequences (`../`) to view, overwrite, or append to arbitrary files on the system. The vulnerability allows manipulation of URL requests to traverse directories, potentially enabling unauthorized access to files within the server’s filesystem. **Recommendations** Versions prior to 6.3.0.7 Service Pack 22 should be updated.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Monitoring versions 6.3.0.7 through 6.3.0.7 Service Pack 21 **Description** The software potentially allows a remote attacker to access files on the system outside of the intended directories. This is achieved by sending a crafted URL request that includes "dot dot" sequences (/../). The request can be sent to an API endpoint, allowing access to arbitrary files. The vulnerable parameter is the URL itself. **Recommendations** Apply updates to versions beyond 6.3.0.7 Service Pack 21.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Monitoring versions 6.3.0.7 through 6.3.0.7 Service Pack 20 **Description** IBM Tivoli Monitoring is susceptible to a heap-based buffer overflow due to insufficient bounds checking. A remote attacker could exploit this issue to overflow a buffer, potentially leading to arbitrary code execution or server crashes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Monitoring versions 6.3.0.7 through 6.3.0.7 Service Pack 20 **Description** IBM Tivoli Monitoring is susceptible to a heap-based buffer overflow due to insufficient bounds checking. A remote attacker could exploit this issue to overflow a buffer, potentially leading to arbitrary code execution or a server crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Monitoring versions 6.3.0.7 through 6.3.0.7 Service Pack 19 **Description** The issue allows a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. This can be exploited without authentication. **Recommendations** For versions 6.3.0.7 through 6.3.0.7 Service Pack 19, update to Service Pack 20 to resolve the issue. As a temporary workaround, consider restricting access to the affected system until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC WinCC (TIA Portal) versions prior to 13 SP1 Siemens SIMATIC WinCC flexible versions prior to 2008 SP3 Up7 **Description** The issue concerns the remote-management module in certain Siemens products, where credentials are not properly encrypted in transit. This makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. **Recommendations** For Siemens SIMATIC WinCC (TIA Portal) versions prior to 13 SP1, update to version 13 SP1 or later. For Siemens SIMATIC WinCC flexible versions prior to 2008 SP3 Up7, update to version 2008 SP3 Up7 or later.

**Name of the Vulnerable Software and Affected Versions** HP iLO 2 versions prior to 2.27 HP iLO 4 versions prior to 2.03 HP iLO Chassis Management (CM) firmware versions prior to 1.30 **Description** The issue is caused by a stack buffer overflow in the server management mechanism. This allows a remote attacker to potentially execute arbitrary code, gain privileges, or cause a denial of service. The vulnerability can be exploited remotely. **Recommendations** For HP iLO 2 versions prior to 2.27, update the firmware to version 2.27 or later. For HP iLO 4 versions prior to 2.03, update the firmware to version 2.03 or later. For HP iLO Chassis Management (CM) firmware versions prior to 1.30, update the firmware to version 1.30 or later.

**Name of the Vulnerable Software and Affected Versions** Oracle Siebel CRM versions 8.1.1 and 8.2.2 **Description** The issue affects the availability of the system, related to SISNAPI and Network Infrastructure. **Recommendations** For Oracle Siebel CRM version 8.1.1, update to a version that includes the fix for this issue. For Oracle Siebel CRM version 8.2.2, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Siemens WinCC versions prior to 7.2 Update 1 **Description** The issue exists due to different behavior for NetBIOS user names in the Web Navigator component of Siemens WinCC, depending on whether a user account exists. This allows remote authenticated users to enumerate account names by using specially crafted URL parameters. **Recommendations** For versions prior to 7.2 Update 1, update to version 7.2 Update 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Siemens WinCC versions prior to 7.2 Update 1 **Description** The issue exists in the login implementation of the Web Navigator in Siemens WinCC due to a hardcoded account. This allows remote attackers to gain access to the system using a special request. **Recommendations** For versions prior to 7.2 Update 1, update to version 7.2 Update 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC WinCC versions prior to 7.3 **Description** The issue concerns a hardcoded encryption key in the Project administration application. This allows remote attackers to obtain sensitive information by extracting the key from another product installation and then using it to sniff network traffic on TCP port 1030. The vulnerability can be exploited to elevate privileges in the WinCC Project Administration application, given that an attacker can intercept data transmitted by an authorized user over the network through port 1030/tcp. **Recommendations** For versions prior to 7.3, update to version 7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 1030 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC WinCC versions prior to 7.3 **Description** The issue allows a local user to gain limited elevated privileges of the operating system user by leveraging weak system-object access control. This could potentially be exploited to gain increased access to system resources. **Recommendations** For Siemens SIMATIC WinCC versions prior to 7.3, update to version 7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC WinCC versions prior to 7.3 **Description** The issue is related to an error that occurs when processing a specially crafted HTTP packet, allowing an unauthenticated attacker to gain access to confidential information by sending a specially crafted HTTP request to ports 80/tcp and 443/tcp. This can be achieved through the WebNavigator server, which allows remote attackers to obtain sensitive information via an HTTP request. **Recommendations** For versions prior to 7.3, update to version 7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to ports 80/tcp and 443/tcp to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC WinCC versions prior to 7.3 **Description** The issue allows remote authenticated users to gain privileges. This can be achieved via an HTTP or HTTPS request. The vulnerability is related to errors in the code of the WinCC WebNavigator server. **Recommendations** For versions prior to 7.3, update to version 7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebNavigator server to minimize the risk of exploitation.