Fabian Weber

**Name of the Vulnerable Software and Affected Versions** NetSupport Manager versions prior to 14.12.0000 **Description** A heap-based buffer overflow exists in NetSupport Manager 14.x. This issue allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially execute arbitrary code. The root cause is a failure to enforce proper bounds checking when processing network packets before authentication, leading to a heap buffer overflow. Attackers can exploit exposed services without credentials and potentially gain SYSTEM-level compromise. The vulnerability involves a heap out-of-bounds (OOB) write that can be leveraged to corrupt memory and overwrite structures like vtable pointers. This could lead to the execution of arbitrary code or a crash of services. **Recommendations** Upgrade to NetSupport Manager version 14.12.0000 or later. Restrict TCP ports 5421 and 5422 to management VLANs. Remove internet exposure of the affected service. Audit systems for nsservice.exe crashes and unexpected child processes.

**Name of the Vulnerable Software and Affected Versions** NetSupport Manager versions prior to 14.12.0000 **Description** A stack-based buffer overflow exists in NetSupport Manager 14.x versions prior to 14.12.0000. This allows a remote, unauthenticated attacker to potentially cause a denial of service (DoS) or leak a limited amount of memory. A stack-based buffer overflow occurs when a program writes data beyond the allocated memory region on the stack, potentially overwriting adjacent data or control flow information. **Recommendations** Update NetSupport Manager to version 14.12.0000 or later.

**Name of the Vulnerable Software and Affected Versions** B.Braun OnlineSuite versions prior to AP 3.0 **Description** A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server. The issue affects the management of infusion pumps in hospitals worldwide. **Recommendations** For B.Braun OnlineSuite versions prior to AP 3.0, apply the patch released by B.Braun to fix the issue. As a temporary workaround, consider restricting local access to the server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Server versions prior to the fixed version **Description** An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server. This issue affects the Apache Server, allowing attackers to execute code remotely with high privileges. **Recommendations** For Apache Server versions prior to the fixed version, update to the latest version that includes the fix for this issue. As a temporary workaround, consider disabling the use of expression language to prevent remote code execution until a patch is available. Restrict access to the server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache versions prior to the fixed version **Description** A missing protection against path traversal allows access to any file on the server. This issue affects the Apache software, allowing unauthorized access to files. **Recommendations** For Apache versions prior to the fixed version, update to the latest version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive files on the server until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Janitza GridVis versions 9.0.66 and earlier **Description** The issue concerns the use of hard-coded credentials in the `de.janitza.pasw.feature.impl.activators.PasswordEncryption` password encryption function. This allows remote authenticated administrative users to discover cleartext database credentials contained in error report information. **Recommendations** For Janitza GridVis versions 9.0.66 and earlier, consider disabling the `de.janitza.pasw.feature.impl.activators.PasswordEncryption` function until a patch is available to prevent the exposure of cleartext database credentials. Restrict access to error report information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Janitza GridVis versions 9.0.66 and earlier **Description** The issue allows remote authenticated administrative users to execute arbitrary Groovy code due to exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality. **Recommendations** For versions 9.0.66 and earlier, consider disabling the project load functionality in the de.janitza.pasw.project.server.ServerDatabaseProject until a patch is available. Restrict access to the ServerDatabaseProject to minimize the risk of exploitation. Avoid using the affected project load functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Indo-Sol PROFINET-INspektor NT versions 2.4.0 and earlier **Description** A path traversal issue in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted `filename` parameter in requests to the "/upload" endpoint. This enables attackers to potentially modify system files or execute malicious code. **Recommendations** For Indo-Sol PROFINET-INspektor NT versions 2.4.0 and earlier, as a temporary workaround, consider restricting access to the "/upload" endpoint until a patch is available. Avoid using the `filename` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Indo-Sol PROFINET-INspektor NT versions 2.4.0 and earlier **Description** A command injection issue in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges. This is achieved via a crafted `filename` parameter in POST requests to the "/api/updater/ctrl/start update" endpoint. **Recommendations** For Indo-Sol PROFINET-INspektor NT versions 2.4.0 and earlier, consider disabling the `gedtupdater` service until a patch is available. Restrict access to the "/api/updater/ctrl/start update" endpoint to minimize the risk of exploitation. Avoid using the `filename` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.