Dmitry Sklyarov

**Name of the Vulnerable Software and Affected Versions** LCD KVM over IP Switch CL5708IM (affected versions not specified) **Description** The issue is a Heap-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CL5708IM (affected versions not specified) **Description** The issue is a Stack-based Buffer Overflow, allowing unauthenticated remote attackers to execute arbitrary code on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CL5708IM (affected versions not specified) **Description** The issue is a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CL5708IM (affected versions not specified) **Description** The issue is a Stack-based Buffer Overflow, allowing unauthenticated remote attackers to execute arbitrary code on the device. This can be exploited by remote attackers without authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CL5708IM (affected versions not specified) **Description** The issue concerns a Heap-based Buffer Overflow vulnerability in the CL5708IM, allowing unauthenticated remote attackers to exploit this vulnerability and perform a denial-of-service attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric GX Works3 versions 1.000A through 1.095Z Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior **Description** The issue is related to the storage of sensitive information in cleartext, allowing a remote unauthenticated attacker to disclose this information. As a result, attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module. **Recommendations** For Mitsubishi Electric GX Works3 versions 1.000A through 1.095Z, update to a version that fixes the cleartext storage of sensitive information issue. For Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior, update to a version that fixes the cleartext storage of sensitive information issue. As a temporary workaround, consider restricting access to the MELSEC CPU module and the MELSEC OPC UA server module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C **Description** The issue is related to the use of hard-coded passwords in the software, allowing an unauthenticated attacker to disclose sensitive information. This can result in unauthenticated users being able to view programs and project files or execute programs illegally. The vulnerability can be exploited by a remote attacker to gain access to protected information. **Recommendations** For Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, consider changing or removing the hard-coded password to prevent unauthorized access. For GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C, restrict access to sensitive information and project files until a patch or update is available that addresses the hard-coded password issue. As a temporary workaround, consider disabling any features that rely on the hard-coded password until a secure update is applied.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric GX Works3 versions from 1.000A and later **Description** The issue allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally. **Recommendations** For Mitsubishi Electric GX Works3 versions from 1.000A and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric GX Works3 versions from 1.000A and later **Description** The issue allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally. **Recommendations** For versions from 1.000A and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric GX Works3 versions 1.000A through 1.087R Motion Control Setting (GX Works3 related software) versions 1.000A through 1.042U **Description** The issue allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally. **Recommendations** For Mitsubishi Electric GX Works3 versions 1.000A through 1.087R, update to a version that fixes the Cleartext Storage of Sensitive Information issue. For Motion Control Setting (GX Works3 related software) versions 1.000A through 1.042U, update to a version that fixes the Cleartext Storage of Sensitive Information issue.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric GX Works3 versions 1.000A through 1.090U GT Designer3 Version1 (GOT2000) versions 1.122C through 1.290C Motion Control Setting (GX Works3 related software) versions 1.035M through 1.042U **Description** The issue allows a remote unauthenticated attacker to disclose sensitive information due to the use of a hard-coded cryptographic key. This enables unauthenticated users to view programs and project files or execute programs illegally. **Recommendations** For GX Works3 versions 1.000A through 1.090U, update to a version that does not use a hard-coded cryptographic key. For GT Designer3 Version1 (GOT2000) versions 1.122C through 1.290C, update to a version that does not use a hard-coded cryptographic key. For Motion Control Setting (GX Works3 related software) versions 1.035M through 1.042U, update to a version that does not use a hard-coded cryptographic key. As a temporary workaround, consider restricting access to sensitive information and project files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Trace Hub (affected versions not specified) **Description** The issue is related to insufficient access control in the Intel(R) Trace Hub driver, which may allow an attacker to escalate privileges. For some Intel(R) Trace Hub instances, it is possible to activate test or debug logic at runtime, potentially enabling an unauthenticated user with physical access to escalate privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions **Description** The issue is related to the cleartext storage of sensitive information in the programable logic controllers of the affected devices. This allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions Mitsubishi Electric MELSEC Q series Q03UDECPU all versions Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions Mitsubishi Electric MELSEC Q series QJ72BR15 all versions Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions Mitsubishi Electric MELSEC L series LJ71E71-100 all versions Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions **Description** The issue is related to the use of a weak hash in the password storage mechanism, allowing a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. This could potentially lead to unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions Mitsubishi Electric MELSEC Q series Q03UDECPU all versions Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions Mitsubishi Electric MELSEC Q series QJ72BR15 all versions Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions Mitsubishi Electric MELSEC L series LJ71E71-100 all versions Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions **Description** The issue is related to the use of a password hash instead of the password for authentication, allowing a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash. This may enable an attacker to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) processors (affected versions not specified) **Description** The issue is related to the activation of test or debug logic at runtime for some Intel(R) processors, which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. This is due to insufficient protection of service data in the BIOS/UEFI firmware. Exploitation of the issue may allow an attacker to gain elevated privileges and access sensitive information. The problem is also associated with a debugging functionality that has excessive privileges, potentially allowing attackers to read encrypted files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Verifone MX900 series Pinpad Payment Terminals version 30251000 Description: The issue allows for the installation of unsigned packages on the Verifone MX900 series Pinpad Payment Terminals. Recommendations: For version 30251000, ensure that only signed packages are installed to prevent potential exploitation. As a temporary workaround, consider restricting package installation privileges until a patch is available.

Name of the Vulnerable Software and Affected Versions: Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 Description: A buffer overflow issue exists via the Run system call. Recommendations: For Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Verifone MX900 series Pinpad Payment Terminals version 30251000 Description: The issue concerns Insecure Permissions, which can lead to arbitrary command injection and privilege escalation through svc netcontrol. Recommendations: For Verifone MX900 series Pinpad Payment Terminals version 30251000, consider restricting access to the svc netcontrol service to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Verifone VerixV Pinpad Payment Terminals version QT000530 Description: The issue allows bypass of integrity and origin control for S1G file generation. Recommendations: For Verifone VerixV Pinpad Payment Terminals version QT000530, at the moment, there is no information about a newer version that contains a fix for this vulnerability.