Diego Giubertoni

**Name of the Vulnerable Software and Affected Versions** PLCnext Control (affected versions not specified) **Description** The Web-based Management interface lacks a data verification mechanism when installing additional APPs downloaded from the PLCnext Store. This allows a remote low-privileged Engineer user to install a manipulated APP package, which can lead to arbitrary code execution with root privileges on the PLC device, potentially impacting the integrity and availability of the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** A local user with low privileges can influence the behavior of a privileged system service by manipulating configuration or application-related files in user-writable filesystem areas. This occurs because the service processes data from locations that lack sufficient protection against modification by low-privileged users. Since the service operates with elevated privileges, this can lead to local privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Device Manager (affected versions not specified) **Description** A remote attacker with limited privileges may be able to reveal confidential information from a privileged process's memory. This is achieved by sending specifically designed requests to the Device Manager web service, which triggers an out-of-bounds read operation under specific conditions related to Address Space Layout Randomization (ASLR). This operation could potentially copy sensitive data into a response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Beckhoff.Device.Manager.XAR (affected versions not specified) **Description** A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API. This is due to integer overflows, which may lead to arbitrary code execution within privileged processes. The API endpoints are susceptible to crafted calls that trigger the integer overflow. The vulnerable parameters or variables used in these calls are not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2.3 **Description** A local low privileged attacker can bypass the authentication of the Device Manager user interface. This allows the attacker to perform privileged operations and gain administrator access. **Recommendations** Update to a version prior to 2.3.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** A local attacker with low privileges on the Windows system where the software is installed can corrupt sensitive data. A data folder is created with weak privileges, allowing any user logged into the Windows system to modify its content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cognex In-Sight Explorer and In-Sight Camera Firmware (affected versions not specified) **Description** Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 for management operations, including firmware upgrades and device reboots, which require authentication. A user with protected privileges can invoke the `SetSystemConfig` functionality to modify device properties, such as network settings, potentially violating the intended security model. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cognex device (affected versions not specified) **Description** An attacker with adjacent access, without authentication, can retrieve a hard-coded password embedded in the software. This password can be used to decrypt sensitive network traffic. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cognex In-Sight Explorer and In-Sight Camera Firmware (affected versions not specified) **Description** The software exposes a proprietary protocol on TCP port 1069 for management operations, including modifying system properties. The user management functionality transmits sensitive data, such as usernames and passwords, over an unencrypted channel, potentially allowing an adjacent attacker to intercept credentials and gain access to the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cognex In-Sight Explorer and In-Sight Camera Firmware (affected versions not specified) **Description** The software exposes a proprietary protocol on TCP port 1069 for management operations, including modifying system properties. The user management functionality transmits sensitive data, such as usernames and passwords, over an unencrypted channel, potentially allowing an adjacent attacker to intercept credentials and gain unauthorized access to the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cognex In-Sight Explorer and In-Sight Camera Firmware (affected versions not specified) **Description** The software exposes a service implementing a proprietary protocol on TCP port 1069. This service allows client-side software, such as the In-Sight Explorer tool, to perform management operations, including changing network settings and modifying user access to the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** (affected versions not specified) **Description** An adjacent attacker without authentication can retrieve user-privileged credentials during the firmware upgrade procedure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cognex In-Sight Explorer and In-Sight Camera Firmware (affected versions not specified) **Description** The software exposes a telnet-based service on port 23 for management operations, including firmware upgrades and device reboot, which requires authentication. Improper handling of login failures can lead to a denial-of-service condition, rendering the telnet service unreachable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cognex In-Sight Explorer and In-Sight Camera Firmware (affected versions not specified) **Description** The software exposes a telnet-based service on port 23, intended for management operations like firmware upgrades and device reboots that require authentication. A user with protected privileges can utilize the `SetSerialPort` functionality to modify device properties, including serial interface settings, which contradicts the documented security model. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** i-PRO Co., Ltd. surveillance cameras (affected versions not specified) **Description** A cross-site request forgery issue exists in the surveillance cameras. If a user views a crafted page while logged in to the affected product, unintended operations may be performed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** i-PRO Configuration Tool (affected versions not specified) **Description** The issue concerns the use of a hard-coded cryptographic key in the i-PRO Configuration Tool, which affects the network system of i-PRO Co., Ltd. surveillance cameras and recorders. This allows a local authenticated attacker to use the authentication information from the last connected surveillance cameras and recorders. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE Vernova UR IED family devices (affected versions not specified) **Description** The issue concerns an Insufficient Verification of Data Authenticity, which enables an authenticated user to install modified firmware. This is possible because firmware signature verification is only enforced on the client-side by the dedicated software Enervista UR Setup, allowing the integration check to be bypassed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE Vernova Enervista UR Setup (affected versions not specified) **Description** The issue concerns a Missing Authentication for Critical Function vulnerability. It allows for Authentication Bypass due to a missing SSH server authentication, enabling an attacker to potentially perform a man-in-the-middle attack on the network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE Vernova UR IED family devices versions 7.0 through 8.60 **Description** The issue is related to improper input validation, which allows an attacker to establish a TCP connection through port forwarding. This lack of validation for IP addresses and ports may enable the attacker to bypass firewall rules or send malicious traffic within the network. **Recommendations** For GE Vernova UR IED family devices versions 7.0 through 8.60, consider restricting access to the port forwarding feature until a proper fix is applied, and ensure that all incoming and outgoing traffic is thoroughly validated to prevent malicious connections.

**Name of the Vulnerable Software and Affected Versions** GE Vernova EnerVista UR Setup (affected versions not specified) **Description** The issue concerns an improper authentication vulnerability that allows authentication bypass. It is possible to disable the software's startup authentication by modifying a Windows registry setting, which can be altered by any user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.