Benedikt Kühne

Name of the Vulnerable Software and Affected Versions: Elspec Engineering G5 Digital Fault Recorder Firmware version 1.2.1.12 Description: The issue is related to an XML External Entity (XXE) vulnerability, which allows attackers to cause a Denial of Service (DoS) via a crafted XML payload. This vulnerability can be exploited by sending a manipulated XML payload to the affected system. Recommendations: For Elspec Engineering G5 Digital Fault Recorder Firmware version 1.2.1.12, consider disabling the XML parsing functionality until a patch is available to prevent potential Denial of Service (DoS) attacks. Restrict access to the firmware to minimize the risk of exploitation. Avoid using the firmware with untrusted XML inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Elspec Engineering G5 Digital Fault Recorder Firmware version 1.2.1.12 Description: A buffer overflow issue was discovered in the firmware. Recommendations: For Elspec Engineering G5 Digital Fault Recorder Firmware version 1.2.1.12, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Elspec G5 digital fault recorder versions 1.2.1.12 and earlier Description: An issue was discovered that may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload due to an XML External Entity (XXE) vulnerability. Recommendations: For versions 1.2.1.12 and earlier, as a temporary workaround, consider disabling the processing of external XML entities until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Siemens SENTRON 7KM PAC3200 (All versions) **Description** A vulnerability has been identified in the Modbus TCP interface of the Siemens SENTRON 7KM PAC3200, where affected devices only provide a 4-digit PIN to protect from administrative access. This insufficient protection allows attackers with access to the Modbus TCP interface to bypass it by brute-force attacks or by sniffing the Modbus clear text communication. The issue is related to improper authentication, specifically the use of a weak 4-digit PIN and the lack of encryption in the Modbus protocol. **Recommendations** As a temporary workaround, consider disabling access to the Modbus TCP interface until a patch is available. Restrict access to the administrative functions to minimize the risk of exploitation. Avoid using the 4-digit PIN for protection until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elspec G5 digital fault recorder versions 1.1.4.15 and before **Description** An issue in the Elspec G5 digital fault recorder allows unauthenticated memory corruption to occur during XML body parsing. **Recommendations** For Elspec G5 digital fault recorder versions 1.1.4.15 and before, consider disabling XML body parsing until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elspec G5 digital fault recorder versions 1.1.4.15 and before **Description** An issue was discovered in the HTTP header parsing mechanism, allowing unauthenticated memory corruption to occur. **Recommendations** For Elspec G5 digital fault recorder versions 1.1.4.15 and before, consider restricting access to the HTTP header parsing mechanism until a patch is available. As a temporary workaround, avoid using the affected HTTP header parsing mechanism in the Elspec G5 digital fault recorder until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elspec G5 digital fault recorder versions 1.1.4.15 and before **Description** An issue was discovered that allows unauthenticated directory listing to occur. The web interface can be abused by an attacker to gain a better understanding of the operating system. **Recommendations** For Elspec G5 digital fault recorder versions 1.1.4.15 and before, consider restricting access to the web interface until a patch is available. As a temporary workaround, limit the information exposed through the web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Elspec G5 digital fault recorder versions 1.1.4.15 and before **Description** An issue was discovered where cleartext passwords and hashes are exposed through log files. **Recommendations** For Elspec G5 digital fault recorder versions 1.1.4.15 and before, consider restricting access to log files to minimize the risk of exploitation. As a temporary workaround, review log files for sensitive information and remove or securely store them until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elspec G5 digital fault recorder versions 1.1.4.15 and before **Description** An issue was discovered in the Elspec G5 digital fault recorder where the shadow file is world readable. **Recommendations** For Elspec G5 digital fault recorder versions 1.1.4.15 and before, consider restricting access to the shadow file to prevent unauthorized reading until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elspec G5 digital fault recorder versions 1.1.4.15 and before **Description** An issue was discovered in the Elspec G5 digital fault recorder. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks. **Recommendations** For versions 1.1.4.15 and before, consider disabling access to the device until a patch is available to remove the hardcoded backdoor session ID. As a temporary workaround, restrict access to reconfiguration tasks to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elspec G5 digital fault recorder versions 1.1.4.15 and before **Description** The issue concerns weak permissions of the SQLite database file. **Recommendations** For Elspec G5 digital fault recorder versions 1.1.4.15 and before, consider restricting access to the SQLite database file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elspec G5 digital fault recorder versions 1.1.4.15 and before **Description** An issue in the Elspec G5 digital fault recorder allows privilege escalation via world writable files. The network configuration script has weak filesystem permissions, resulting in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges. **Recommendations** For Elspec G5 digital fault recorder versions 1.1.4.15 and before, consider restricting write access to the network configuration script to prevent privilege escalation until a patch is available. As a temporary workaround, review and adjust the filesystem permissions to limit access to authorized users only.

**Name of the Vulnerable Software and Affected Versions** Elspec G5 digital fault recorder versions 1.1.4.15 and before **Description** An issue was discovered in the system logs download mechanism, allowing directory traversal to occur. This could potentially expose system logs. If local network access exists, it is recommended to take immediate action to prevent data breaches. **Recommendations** For versions 1.1.4.15 and before, update immediately and restrict log access to minimize the risk of exploitation. As a temporary workaround, consider restricting access to the system logs download mechanism until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Beckhoff TwinCAT/BSD (affected versions not specified) **Description** The package authelia-bhf included in Beckhoff's TwinCAT/BSD is prone to an open redirect, allowing a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf, the Beckhoff fork of authelia. The vulnerability can be exploited by sending a specially crafted HTTP request, enabling the attacker to redirect the user to arbitrary websites. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.