C. Kudera

**Name of the Vulnerable Software and Affected Versions** Schrack Technik microControl versions prior to 1.7.0 (937) **Description** The issue allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt, due to sensitive information being stored under the web root with insufficient access control. **Recommendations** For versions prior to 1.7.0 (937), update the firmware to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the web root to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Schrack Technik microControl versions prior to 1.7.0 **Description** The issue concerns a hardcoded password for the `user` account in the web interface, making it easier for remote attackers to gain access. **Recommendations** For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Schrack Technik microControl version 1.7.0 (937) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the web interface. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors. **Recommendations** For version 1.7.0 (937), consider disabling access to the web interface until a fix is available, and restrict input to the position textbox in the configuration menu to minimize the risk of exploitation.