Caio Farias

Name of the Vulnerable Software and Affected Versions: Elspec Engineering G5 Digital Fault Recorder Firmware version 1.2.1.12 Description: A buffer overflow issue was discovered in the firmware. Recommendations: For Elspec Engineering G5 Digital Fault Recorder Firmware version 1.2.1.12, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Elspec G5 digital fault recorder versions 1.2.1.12 and earlier Description: An issue was discovered that may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload due to an XML External Entity (XXE) vulnerability. Recommendations: For versions 1.2.1.12 and earlier, as a temporary workaround, consider disabling the processing of external XML entities until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Elspec Engineering G5 Digital Fault Recorder Firmware version 1.2.1.12 Description: The issue is related to an XML External Entity (XXE) vulnerability, which allows attackers to cause a Denial of Service (DoS) via a crafted XML payload. This vulnerability can be exploited by sending a manipulated XML payload to the affected system. Recommendations: For Elspec Engineering G5 Digital Fault Recorder Firmware version 1.2.1.12, consider disabling the XML parsing functionality until a patch is available to prevent potential Denial of Service (DoS) attacks. Restrict access to the firmware to minimize the risk of exploitation. Avoid using the firmware with untrusted XML inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apereo CAS versions through 6.4.1 **Description** The issue allows for XSS via POST requests sent to the REST API endpoints. **Recommendations** For Apereo CAS versions through 6.4.1, consider restricting access to the REST API endpoints as a temporary workaround until a patch is available.