Alexander Nochvay

**Name of the Vulnerable Software and Affected Versions** AMC2 (affected versions not specified) **Description** The issue concerns the use of the Blowfish symmetric encryption algorithm in communication between the AMC2 and the host system. An attacker with access to the local network, typically on the same subnet, could retrieve the key from the firmware to decrypt network traffic. This allows the attacker to modify network traffic, decrypt and investigate the device's firmware file, and change the device configuration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe (affected versions not specified) **Description** The Bosch software tools are used to configure settings in AMC2 devices and allow password protection to restrict access. However, an attacker can circumvent this protection, making unauthorized changes to configuration data or manipulating the device's configuration, potentially making it unresponsive in the local network. The attacker must have access to the local network, typically the same subnet. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Bosch IP cameras (affected versions not specified) Description: The issue is related to an error in the URL handler of the web-based interface, which may lead to a reflected cross-site scripting (XSS) attack. An attacker with knowledge of the camera address can send a crafted link to a user, executing JavaScript code in the context of the user. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bosch IP cameras versions 7.70 through 7.80 prior to B128 **Description** A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. The vulnerability affects devices of the CPP6, CPP7, and CPP7.3 family. **Recommendations** For versions 7.70 through 7.80 prior to B128, update the firmware to a version that includes the fix for this issue, specifically B128 or later. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Bosch IP cameras (affected versions not specified) Description: The issue is related to improper validation of the HTTP header in Bosch IP cameras, which allows an attacker to inject arbitrary HTTP headers through crafted URLs. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Bosch IP cameras (affected versions not specified) Description: The issue allows an authenticated attacker with administrator rights to cause a Denial of Service (DoS) by calling a URL with an invalid parameter, making the camera unresponsive for a few seconds. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NPort IA5000A Series devices (affected versions not specified) NPort IA5150A/IA5250A, IA5450A devices (affected versions not specified) **Description** The issue is related to the use of Telnet for network device management, which does not support encryption of client-server communications. This makes the devices vulnerable to Man-in-the-Middle attacks. The vulnerability is associated with a lack of protection for transmitted data, allowing a remote attacker to gain unauthorized access to protected information through a Telnet connection. **Recommendations** For NPort IA5000A Series devices, consider disabling Telnet as a network device management service until a more secure alternative is implemented. For NPort IA5150A/IA5250A, IA5450A devices, restrict access to Telnet connections to minimize the risk of exploitation. As a temporary workaround, consider using alternative, encrypted management services for these devices until a patch or secure configuration is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NPort IA5150A/IA5250A Series versions prior to 1.5 **Description** The issue is related to inadequate access control in the NPort IA5150A/IA5250A Series, allowing a user with "Read Only" privilege level to send requests via the web console to change the device's configuration. This can be exploited by a remote attacker to bypass existing security restrictions and elevate their privileges. **Recommendations** For versions prior to 1.5, update to version 1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the web console to prevent unauthorized configuration changes.

**Name of the Vulnerable Software and Affected Versions** NPort IA5150A/IA5250A, IA5450A versions (affected versions not specified) NPort IA5000A Series versions (affected versions not specified) **Description** The issue is related to the storage of passwords in plaintext. This could allow a remote attacker to gain unauthorized access to sensitive information. The export of a device's configuration may contain user passwords and other sensitive data in their original form if a pre-shared key is not set. **Recommendations** For NPort IA5150A/IA5250A, IA5450A, consider setting a pre-shared key to protect sensitive data. For NPort IA5000A Series, set a pre-shared key to prevent the export of sensitive data in plaintext. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NPort IA5000A series serial devices (affected versions not specified) **Description** The issue is related to the cleartext transmission of sensitive information via Moxa Service in the affected devices. This could allow attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service. Exploitation of the vulnerability may enable remote attackers to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CODESYS V3 products versions prior to V3.5.14.0 **Description** The issue is related to the use of insufficiently random values. **Recommendations** For versions prior to V3.5.14.0, update to version V3.5.14.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CODESYS V3 products versions prior to V3.5.14.0 **Description** The issue is related to improper communication address filtering. **Recommendations** For versions prior to V3.5.14.0, update to version V3.5.14.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1 **Description** The issue concerns sensitive information being stored in clear text. **Recommendations** For version 2.1, update to a version that stores sensitive information securely, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1 **Description** The issue concerns user enumeration in the affected software. **Recommendations** For version 2.1, update to a version that fixes the user enumeration issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1 **Description** The issue concerns a user privilege escalation in the software, which could potentially allow unauthorized access to sensitive features or data. **Recommendations** For Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1, update to a version that includes a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1 **Description** The issue is related to Privilege Escalation via Broken Access Control. **Recommendations** For Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1, update to a version that fixes the Broken Access Control issue to prevent privilege escalation.

**Name of the Vulnerable Software and Affected Versions** Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1 **Description** The issue is related to password management in the affected software. **Recommendations** For version 2.1, update to a newer version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1 **Description** The issue concerns Hidden Token Access in the affected software. **Recommendations** For Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1 **Description** The issue concerns Remote Code Execution in the specified software, allowing for potential malicious code execution. **Recommendations** For Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kraftway 24F2XG Router firmware version 3.5.30.1118 **Description** The issue allows remote attackers to gain privileged access to the router due to default credentials. **Recommendations** For firmware version 3.5.30.1118, change the default credentials to prevent unauthorized access.