Alexander Perez-Palma

**Name of the Vulnerable Software and Affected Versions** EcoStruxure Control Expert (all versions) **Description** A buffer copy without checking the size of input issue exists in the PLC Simulator of EcoStruxure Control Expert software. This could cause a crash of the PLC simulator when receiving a specially crafted request over Modbus. The issue allows a remote attacker to potentially cause a denial of service. **Recommendations** For all versions, consider restricting access to the Modbus protocol until a fix is available. As a temporary workaround, disabling the PLC Simulator functionality may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: LOGO! 8 BM (incl. SIPLUS variants) (All versions) Description: A vulnerability has been identified that could allow an attacker to read and modify the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication, no public exploitation of this security vulnerability was known. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.