Eran Jacob

**Name of the Vulnerable Software and Affected Versions** ALEOS versions prior to 4.16 **Description** The issue allows a user with valid credentials to reconfigure the device, exposing the ACEManager credentials on the pre-login status page. **Recommendations** For versions prior to 4.16, update to version 4.16 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ALEOS versions prior to 4.16 **Description** The issue allows a user with valid credentials to manipulate the IP logging operation, potentially leading to the execution of arbitrary shell commands on the device. This is due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 4.16, update to version 4.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the iplogging.cgi executable file until a patch is available. Avoid using the IP logging operation with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Automation License Manager V5 (All versions) Automation License Manager V6 (All versions prior to V6.0 SP9 Upd4) TeleControl Server Basic V3 (All versions prior to V3.1.2) **Description** The issue is related to a path traversal vulnerability. It may allow a remote attacker to execute arbitrary code. The affected component does not correctly validate the root path on folder-related operations, allowing modification of files and folders outside the intended root directory. This could enable an unauthenticated remote attacker to execute file operations on files outside of the specified root folder. **Recommendations** For Automation License Manager V5, update to a version that includes the necessary security fixes. For Automation License Manager V6, update to V6.0 SP9 Upd4 or later. For TeleControl Server Basic V3, update to V3.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Automation License Manager V5 (All versions) Automation License Manager V6 versions prior to V6.0 SP9 Upd4 TeleControl Server Basic V3 versions prior to V3.1.2 **Description** A vulnerability has been identified that allows an unauthenticated remote attacker to rename and move files as a SYSTEM user due to the affected components permitting the renaming of license files with user-chosen input without authentication. **Recommendations** For Automation License Manager V5, consider disabling the license file renaming feature until a patch is available. For Automation License Manager V6 versions prior to V6.0 SP9 Upd4, update to V6.0 SP9 Upd4 or later to resolve the issue. For TeleControl Server Basic V3 versions prior to V3.1.2, update to V3.1.2 or later to resolve the issue. As a temporary workaround, restrict access to the license file management component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Softing OPC UA C++ SDK versions 5.59 through 5.64 **Description** The issue arises from the exported library functions in the Softing OPC UA C++ SDK not properly validating received extension objects. This may allow an attacker to crash the software by sending specially crafted packets to access unexpected memory locations. **Recommendations** For versions 5.59 through 5.64, consider restricting access to the exported library functions until a patch is available. As a temporary workaround, avoid using the received extension objects in the affected library functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns an exposed user and password database due to an unprotected web server resource. The passwords are hashed using a weak hashing algorithm, making them susceptible to attacks using rainbow tables, which could allow an attacker to determine the password. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue allows an attacker to potentially execute scripts on a client's computer by sending a manipulated URL, exploiting a reflected XSS weakness in the web server. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The login routine of the system allows clients to log in using the hash of the password instead of the password itself. This issue can be combined with another security concern to allow an attacker to subsequently log in to the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue involves information disclosure where the main configuration, including users and their hashed passwords, is exposed through an unprotected web server resource. This exposure allows access to sensitive information without requiring authentication. Furthermore, device details such as the serial number and firmware version are also exposed due to another unprotected web server resource. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unified Automation .NET based OPC UA Client/Server SDK Bundle versions V3.0.7 and prior **Description** The issue is related to an uncontrolled recursion that may allow an attacker to trigger a stack overflow. It is also associated with information disclosure, which could enable a remote attacker to disclose protected information. **Recommendations** For versions V3.0.7 and prior, update to a version later than V3.0.7 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OPC Foundation UA .NET Standard versions prior to 1.4.365.48 OPC UA .NET Legacy **Description** The issue is related to an uncontrolled recursion in the OPC UA .NET Standard and OPC UA .NET Legacy implementations, which may allow an attacker to trigger a stack overflow, potentially leading to a denial of service. This could be exploited by a remote attacker. **Recommendations** For OPC Foundation UA .NET Standard versions prior to 1.4.365.48, update to version 1.4.365.48 or later to resolve the issue. For OPC UA .NET Legacy, at the moment, there is no information about a newer version that contains a fix for this vulnerability.