Can Demirel

**Name of the Vulnerable Software and Affected Versions** GE Mark VIe versions 03.03.28C through 05.02.04C EX2100e versions prior to 04.09.00C EX2100e Reg versions prior to 04.09.00C LS2100e versions prior to 04.09.00C **Description** The affected versions of the application have a path traversal issue that fails to restrict the ability of an attacker to gain access to restricted information. **Recommendations** For GE Mark VIe versions 03.03.28C through 05.02.04C, update to a version after 05.02.04C. For EX2100e versions prior to 04.09.00C, update to version 04.09.00C or later. For EX2100e Reg versions prior to 04.09.00C, update to version 04.09.00C or later. For LS2100e versions prior to 04.09.00C, update to version 04.09.00C or later.

**Name of the Vulnerable Software and Affected Versions** Entes EMG12 versions 2.57 and prior **Description** The issue is related to the web interface of the software, where an attacker can bypass authentication using a specially crafted URL, potentially allowing for remote code execution. The vulnerability is caused by errors in the authentication mechanism, which can be exploited by a remote attacker to bypass authentication and execute arbitrary code. **Recommendations** For Entes EMG12 versions 2.57 and prior, consider disabling the web interface until a patch is available to prevent potential exploitation. Restrict access to the web interface to minimize the risk of remote code execution. Avoid using specially crafted URLs that could be used to bypass authentication.

**Name of the Vulnerable Software and Affected Versions** Entes EMG12 versions 2.57 and prior **Description** The issue is caused by errors in processing GET requests in the web interface of the EMG12 Ethernet Modbus Gateway software. This can be exploited by a remote attacker using a specially crafted GET request to execute arbitrary code. The vulnerability may also allow an attacker to impersonate a legitimate user. **Recommendations** For Entes EMG12 versions 2.57 and prior, consider disabling the web interface until a patch is available to prevent exploitation. Restrict access to the web interface to minimize the risk of arbitrary code execution. Avoid using the web interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moxa PT-7728 devices with software 3.4 build 15081113 **Description** The issue allows remote authenticated users to change the configuration of Moxa PT-7728 devices via vectors involving a local proxy. **Recommendations** For Moxa PT-7728 devices with software 3.4 build 15081113, consider restricting access to configuration changes until a patch is available. As a temporary workaround, restrict the use of local proxies to minimize the risk of exploitation.