Evgeny Druzhinin

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation MicroLogix 1400 Controllers Series B versions 21.001 and prior Rockwell Automation MicroLogix 1400 Controllers Series A, all versions MicroLogix 1100 Controller, all versions RSLogix 500 Software versions 12.001 and prior **Description** The issue is related to the use of a hard-coded cryptographic key in the RSLogix 500 binary file, which could allow an attacker to identify the key and use it for further cryptographic attacks. This could ultimately lead to a remote attacker gaining unauthorized access to the controller. The vulnerability may allow a remote attacker to elevate their privileges. **Recommendations** For Rockwell Automation MicroLogix 1400 Controllers Series B versions 21.001 and prior, consider restricting access to the controller until a patch is available. For Rockwell Automation MicroLogix 1400 Controllers Series A, all versions, and MicroLogix 1100 Controller, all versions, restrict access to the controller to minimize the risk of exploitation. For RSLogix 500 Software versions 12.001 and prior, as a temporary workaround, consider disabling the use of the hard-coded cryptographic key until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MGE SNMP/Web Card Transverse versions (affected versions not specified) **Description** The issue is related to security mechanism deficiencies in the integrated web server of the MGE SNMP/Web Card Transverse module. This could allow a remote attacker to obtain sensitive device information if network access is obtained. The integrated web server, which uses Port 80/443/TCP, is the vulnerable component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inductive Automation Ignition version 7.7.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For version 7.7.2, update to a newer version that contains a fix for this issue.