Constantin Schieber-Knöbl

Name of the Vulnerable Software and Affected Versions: Wattsense Bridge (affected versions not specified) Description: The issue allows access to the JTAG interface of Wattsense Bridge devices through physical access to the PCB. After connecting to the interface, full access to the device is possible, enabling an attacker to extract information, modify, and debug the device's firmware. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SIPROTEC 5 6MD84 (CP300) (All versions) SIPROTEC 5 6MD85 (CP200) (All versions) SIPROTEC 5 6MD85 (CP300) (All versions) SIPROTEC 5 6MD86 (CP200) (All versions) SIPROTEC 5 6MD86 (CP300) (All versions) SIPROTEC 5 6MD89 (CP300) (All versions) SIPROTEC 5 6MU85 (CP300) (All versions) SIPROTEC 5 7KE85 (CP200) (All versions) SIPROTEC 5 7KE85 (CP300) (All versions) SIPROTEC 5 7SA82 (CP100) (All versions) SIPROTEC 5 7SA82 (CP150) (All versions) SIPROTEC 5 7SA86 (CP200) (All versions) SIPROTEC 5 7SA86 (CP300) (All versions) SIPROTEC 5 7SA87 (CP200) (All versions) SIPROTEC 5 7SA87 (CP300) (All versions) SIPROTEC 5 7SD82 (CP100) (All versions) SIPROTEC 5 7SD82 (CP150) (All versions) SIPROTEC 5 7SD86 (CP200) (All versions) SIPROTEC 5 7SD86 (CP300) (All versions) SIPROTEC 5 7SD87 (CP200) (All versions) SIPROTEC 5 7SD87 (CP300) (All versions) SIPROTEC 5 7SJ81 (CP100) (All versions) SIPROTEC 5 7SJ81 (CP150) (All versions) SIPROTEC 5 7SJ82 (CP100) (All versions) SIPROTEC 5 7SJ82 (CP150) (All versions) SIPROTEC 5 7SJ85 (CP200) (All versions) SIPROTEC 5 7SJ85 (CP300) (All versions) SIPROTEC 5 7SJ86 (CP200) (All versions) SIPROTEC 5 7SJ86 (CP300) (All versions) SIPROTEC 5 7SK82 (CP100) (All versions) SIPROTEC 5 7SK82 (CP150) (All versions) SIPROTEC 5 7SK85 (CP200) (All versions) SIPROTEC 5 7SK85 (CP300) (All versions) SIPROTEC 5 7SL82 (CP100) (All versions) SIPROTEC 5 7SL82 (CP150) (All versions) SIPROTEC 5 7SL86 (CP200) (All versions) SIPROTEC 5 7SL86 (CP300) (All versions) SIPROTEC 5 7SL87 (CP200) (All versions) SIPROTEC 5 7SL87 (CP300) (All versions) SIPROTEC 5 7SS85 (CP200) (All versions) SIPROTEC 5 7SS85 (CP300) (All versions) SIPROTEC 5 7ST85 (CP200) (All versions) SIPROTEC 5 7ST85 (CP300) (All versions) SIPROTEC 5 7ST86 (CP300) (All versions) SIPROTEC 5 7SX82 (CP150) (All versions) SIPROTEC 5 7SX85 (CP300) (All versions) SIPROTEC 5 7SY82 (CP150) (All versions) SIPROTEC 5 7UM85 (CP300) (All versions) SIPROTEC 5 7UT82 (CP100) (All versions) SIPROTEC 5 7UT82 (CP150) (All versions) SIPROTEC 5 7UT85 (CP200) (All versions) SIPROTEC 5 7UT85 (CP300) (All versions) SIPROTEC 5 7UT86 (CP200) (All versions) SIPROTEC 5 7UT86 (CP300) (All versions) SIPROTEC 5 7UT87 (CP200) (All versions) SIPROTEC 5 7UT87 (CP300) (All versions) SIPROTEC 5 7VE85 (CP300) (All versions) SIPROTEC 5 7VK87 (CP200) (All versions) SIPROTEC 5 7VK87 (CP300) (All versions) SIPROTEC 5 7VU85 (CP300) (All versions) SIPROTEC 5 Compact 7SX800 (CP050) (All versions) Description: The affected devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the entire filesystem of the device. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SIPROTEC 5 6MD84 (CP300) versions prior to V9.90 SIPROTEC 5 6MD85 (CP200) versions prior to V9.90 SIPROTEC 5 6MD85 (CP300) versions prior to V9.90 SIPROTEC 5 6MD86 (CP200) versions prior to V9.90 SIPROTEC 5 6MD86 (CP300) versions prior to V9.90 SIPROTEC 5 6MD89 (CP300) versions prior to V9.90 SIPROTEC 5 6MU85 (CP300) versions prior to V9.90 SIPROTEC 5 7KE85 (CP200) versions prior to V9.90 SIPROTEC 5 7KE85 (CP300) versions prior to V9.90 SIPROTEC 5 7SA82 (CP100) versions prior to V9.90 SIPROTEC 5 7SA82 (CP150) versions prior to V9.90 SIPROTEC 5 7SA86 (CP200) versions prior to V9.90 SIPROTEC 5 7SA86 (CP300) versions prior to V9.90 SIPROTEC 5 7SA87 (CP200) versions prior to V9.90 SIPROTEC 5 7SA87 (CP300) versions prior to V9.90 SIPROTEC 5 7SD82 (CP100) versions prior to V9.90 SIPROTEC 5 7SD82 (CP150) versions prior to V9.90 SIPROTEC 5 7SD86 (CP200) versions prior to V9.90 SIPROTEC 5 7SD86 (CP300) versions prior to V9.90 SIPROTEC 5 7SD87 (CP200) versions prior to V9.90 SIPROTEC 5 7SD87 (CP300) versions prior to V9.90 SIPROTEC 5 7SJ81 (CP100) versions prior to V9.90 SIPROTEC 5 7SJ81 (CP150) versions prior to V9.90 SIPROTEC 5 7SJ82 (CP100) versions prior to V9.90 SIPROTEC 5 7SJ82 (CP150) versions prior to V9.90 SIPROTEC 5 7SJ85 (CP200) versions prior to V9.90 SIPROTEC 5 7SJ85 (CP300) versions prior to V9.90 SIPROTEC 5 7SJ86 (CP200) versions prior to V9.90 SIPROTEC 5 7SJ86 (CP300) versions prior to V9.90 SIPROTEC 5 7SK82 (CP100) versions prior to V9.90 SIPROTEC 5 7SK82 (CP150) versions prior to V9.90 SIPROTEC 5 7SK85 (CP200) versions prior to V9.90 SIPROTEC 5 7SK85 (CP300) versions prior to V9.90 SIPROTEC 5 7SL82 (CP100) versions prior to V9.90 SIPROTEC 5 7SL82 (CP150) versions prior to V9.90 SIPROTEC 5 7SL86 (CP200) versions prior to V9.90 SIPROTEC 5 7SL86 (CP300) versions prior to V9.90 SIPROTEC 5 7SL87 (CP200) versions prior to V9.90 SIPROTEC 5 7SL87 (CP300) versions prior to V9.90 SIPROTEC 5 7SS85 (CP200) versions prior to V9.90 SIPROTEC 5 7SS85 (CP300) versions prior to V9.90 SIPROTEC 5 7ST85 (CP200) versions prior to V9.90 SIPROTEC 5 7ST85 (CP300) versions prior to V9.90 SIPROTEC 5 7ST86 (CP300) versions prior to V9.90 SIPROTEC 5 7SX82 (CP150) versions prior to V9.90 SIPROTEC 5 7SX85 (CP300) versions prior to V9.90 SIPROTEC 5 7SY82 (CP150) versions prior to V9.90 SIPROTEC 5 7UM85 (CP300) versions prior to V9.90 SIPROTEC 5 7UT82 (CP100) versions prior to V9.90 SIPROTEC 5 7UT82 (CP150) versions prior to V9.90 SIPROTEC 5 7UT85 (CP200) versions prior to V9.90 SIPROTEC 5 7UT85 (CP300) versions prior to V9.90 SIPROTEC 5 7UT86 (CP200) versions prior to V9.90 SIPROTEC 5 7UT86 (CP300) versions prior to V9.90 SIPROTEC 5 7UT87 (CP200) versions prior to V9.90 SIPROTEC 5 7UT87 (CP300) versions prior to V9.90 SIPROTEC 5 7VE85 (CP300) versions prior to V9.90 SIPROTEC 5 7VK87 (CP200) versions prior to V9.90 SIPROTEC 5 7VK87 (CP300) versions prior to V9.90 SIPROTEC 5 7VU85 (CP300) versions prior to V9.90 SIPROTEC 5 Compact 7SX800 (CP050) versions prior to V9.90 Description: The affected devices do not properly limit access to a development shell accessible over a physical interface. This could allow an unauthenticated attacker with physical access to the device to execute arbitrary commands on the device. Recommendations: For SIPROTEC 5 6MD84 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 6MD85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 6MD85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 6MD86 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 6MD86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 6MD89 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 6MU85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7KE85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7KE85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SA82 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SA82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SA86 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SA86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SA87 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SA87 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SD82 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SD82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SD86 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SD86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SD87 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SD87 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ81 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ81 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ82 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ86 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SK82 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SK82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SK85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SK85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SL82 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SL82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SL86 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SL86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SL87 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SL87 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SS85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SS85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7ST85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7ST85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7ST86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SX82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SX85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SY82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UM85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT82 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT86 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT87 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT87 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7VE85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7VK87 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7VK87 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7VU85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 Compact 7SX800 (CP050) versions prior to V9.90, update to version V9.90 or later.

Name of the Vulnerable Software and Affected Versions: Wattsense Bridge versions prior to 6.1.0 Description: An authenticated attacker can use the Plugin Manager of the web interface to upload malicious Python files, enabling remote root access to the device. The attacker needs a valid user account on the Wattsense web interface to conduct this attack. Recommendations: For versions prior to 6.1.0, update to a firmware version BSP >= 6.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the Plugin Manager or disabling the upload of Python files until the update is applied.

Name of the Vulnerable Software and Affected Versions: Wattsense Bridge versions prior to 6.4.1 Description: The firmware of all Wattsense Bridge devices contains the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. Recommendations: For Wattsense Bridge versions prior to 6.4.1, update the firmware to version 6.4.1 or later to remove the backdoor user and hard-coded credentials. As a temporary workaround, consider restricting access to the serial interface to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Wattsense Bridge devices versions prior to BSP 6.4.1 Description: A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. Recommendations: For versions prior to BSP 6.4.1, update to a recent firmware version BSP >= 6.4.1 to resolve the issue. As a temporary workaround, consider restricting physical access to the PCB of Wattsense Bridge devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SIPROTEC 5 6MD84 (CP300) versions prior to V9.80 SIPROTEC 5 6MD85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 6MD86 (CP300) versions 7.80 through 9.79 SIPROTEC 5 6MD89 (CP300) versions 7.80 through 9.89 SIPROTEC 5 6MU85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7KE85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SA82 (CP100) versions 7.80 and later SIPROTEC 5 7SA82 (CP150) versions prior to V9.80 SIPROTEC 5 7SA86 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SA87 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SD82 (CP100) versions 7.80 and later SIPROTEC 5 7SD82 (CP150) versions prior to V9.80 SIPROTEC 5 7SD86 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SD87 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SJ81 (CP100) versions 7.80 and later SIPROTEC 5 7SJ81 (CP150) versions prior to V9.80 SIPROTEC 5 7SJ82 (CP100) versions 7.80 and later SIPROTEC 5 7SJ82 (CP150) versions prior to V9.80 SIPROTEC 5 7SJ85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SJ86 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SK82 (CP100) versions 7.80 and later SIPROTEC 5 7SK82 (CP150) versions prior to V9.80 SIPROTEC 5 7SK85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SL82 (CP100) versions 7.80 and later SIPROTEC 5 7SL82 (CP150) versions prior to V9.80 SIPROTEC 5 7SL86 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SL87 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SS85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7ST85 (CP300) versions prior to V9.80 SIPROTEC 5 7ST86 (CP300) versions prior to V9.80 SIPROTEC 5 7SX82 (CP150) versions prior to V9.80 SIPROTEC 5 7SX85 (CP300) versions prior to V9.80 SIPROTEC 5 7SY82 (CP150) versions prior to V9.80 SIPROTEC 5 7UM85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7UT82 (CP100) versions 7.80 and later SIPROTEC 5 7UT82 (CP150) versions prior to V9.80 SIPROTEC 5 7UT85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7UT86 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7UT87 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7VE85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7VK87 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7VU85 (CP300) versions prior to V9.80 SIPROTEC 5 Compact 7SX800 (CP050) versions prior to V9.80 **Description** The affected devices do not properly limit the path accessible via their webserver, allowing an authenticated remote attacker to read arbitrary files from the filesystem of affected devices. **Recommendations** For SIPROTEC 5 6MD84 (CP300) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 6MD85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 6MD86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 6MD89 (CP300) versions 7.80 through 9.89, update to version V9.90 or later. For SIPROTEC 5 6MU85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7KE85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SA82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7SA82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SA86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SA87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SD82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7SD82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SD86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SD87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SJ81 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7SJ81 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SJ82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7SJ82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SJ85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SJ86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SK82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7SK82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SK85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SL82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7SL82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SL86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SL87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SS85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7ST85 (CP300) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7ST86 (CP300) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SX82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SX85 (CP300) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SY82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7UM85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7UT82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7UT82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7UT85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7UT86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7UT87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7VE85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7VK87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7VU85 (CP300) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 Compact 7SX800 (CP050) versions prior to V9.80, update to version V9.80 or later.

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V05.30 Description: A vulnerability has been identified in the CPCI85 Central Processing/Communication devices. The affected devices contain a secure element connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files. Recommendations: For versions prior to V05.30, consider restricting physical access to the SPI bus as a temporary mitigation measure until a patch is available. Additionally, avoid using the secure element for authentication until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.40 SICORE Base system versions prior to V1.4.0 Description: A vulnerability has been identified that allows a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. The issue is related to the lack of authentication for a critical function, which can be exploited by a remote attacker to lower the device's firmware version. Recommendations: For CPCI85 Central Processing/Communication versions prior to V5.40, update to version V5.40 or later to resolve the issue. For SICORE Base system versions prior to V1.4.0, update to version V1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the devices and limiting remote access to authenticated users only until a patch is applied.

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.30 SICORE Base system versions prior to V1.3.0 Description: A command injection vulnerability exists due to missing server-side input sanitation in the web interface of affected devices. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. Recommendations: For CPCI85 Central Processing/Communication versions prior to V5.30, update to version V5.30 or later. For SICORE Base system versions prior to V1.3.0, update to version V1.3.0 or later. As a temporary workaround, consider restricting access to the web interface of affected devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** One Identity Password Manager versions prior to 5.13.1 **Description** The issue allows Kiosk Escape, affecting the product's functionality to reset Active Directory passwords on the login screen of a Windows client. It launches a Chromium-based browser in Kiosk mode. The escape sequence involves waiting for a session timeout, clicking on the Help icon, navigating to a website that offers file upload, accessing cmd.exe from the file explorer window, and launching cmd.exe as NT AUTHORITYSYSTEM. **Recommendations** For versions prior to 5.13.1, update to version 5.13.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Help icon and file upload functionality in the Kiosk mode browser to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** One Identity Password Manager versions prior to 5.13.1 **Description** The issue allows Kiosk Escape in One Identity Password Manager, which enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium-based browser in Kiosk mode to provide the reset functionality. The escape sequence involves navigating to the Google ReCAPTCHA section, clicking on the Privacy link, observing a new browser window, navigating to any website that offers file upload, navigating to cmd.exe from the file explorer window, and launching cmd.exe as NT AUTHORITYSYSTEM. **Recommendations** For versions prior to 5.13.1, update to version 5.13.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Google ReCAPTCHA section and disabling file upload functionality in the Kiosk mode browser until a patch is available. Avoid using the Kiosk mode browser to navigate to untrusted websites, and restrict the launch of cmd.exe as NT AUTHORITYSYSTEM to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SIMCom SIM7600G modem (affected versions not specified) **Description** The issue concerns an undocumented AT command in the SIMCom SIM7600G modem, allowing an attacker to execute system commands with root permission on the modem. This can be achieved with either physical access or remote shell access to a device that interacts directly with the modem via AT commands. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.