Ghirmay Desta

**Name of the Vulnerable Software and Affected Versions** Microsoft 365 Apps for Enterprise versions 16.0.1 through 16.0.1 **Description** A use-after-free issue in Microsoft Office Word allows an unauthorized attacker to execute code locally. This occurs when a user is tricked into opening a malicious document that triggers memory corruption, leading to remote code execution. **Recommendations** Update Microsoft 365 Apps for Enterprise to a version newer than 16.0.1.

**Name of the Vulnerable Software and Affected Versions** Fuji Electric FRENIC LOADER version 3.3 Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Mini (C1) Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Mini (C2) Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Eco Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Multi Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-MEGA Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Ace **Description** The issue arises from the program's failure to properly check user-supplied comments, potentially allowing for arbitrary remote code execution. **Recommendations** For Fuji Electric FRENIC LOADER version 3.3, update to a version that properly checks user-supplied comments to prevent arbitrary remote code execution. For Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Mini (C1), restrict user input to prevent exploitation until a patch is available. For Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Mini (C2), restrict user input to prevent exploitation until a patch is available. For Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Eco, restrict user input to prevent exploitation until a patch is available. For Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Multi, restrict user input to prevent exploitation until a patch is available. For Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-MEGA, restrict user input to prevent exploitation until a patch is available. For Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Ace, restrict user input to prevent exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Fuji Electric FRENIC LOADER version 3.3 Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Mini (C1) Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Mini (C2) Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Eco Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Multi Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-MEGA Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Ace **Description** The program does not properly parse FNC files, which may allow for information disclosure. **Recommendations** For Fuji Electric FRENIC LOADER version 3.3, update to a version that properly parses FNC files to prevent information disclosure. For Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Mini (C1), update to a version that properly parses FNC files to prevent information disclosure. For Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Mini (C2), update to a version that properly parses FNC files to prevent information disclosure. For Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Eco, update to a version that properly parses FNC files to prevent information disclosure. For Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Multi, update to a version that properly parses FNC files to prevent information disclosure. For Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-MEGA, update to a version that properly parses FNC files to prevent information disclosure. For Fuji Electric FRENIC LOADER version 7.3.4.1a of FRENIC-Ace, update to a version that properly parses FNC files to prevent information disclosure.

**Name of the Vulnerable Software and Affected Versions** LeviStudioU versions 1.8.29 through 1.8.44 **Description** The issue is related to an out-of-bounds vulnerability that can be exploited when the application processes specially crafted project files, potentially leading to remote code execution. This is specifically tied to the TIFF parsing functionality within the cximageu component of LeviStudioU. **Recommendations** For versions 1.8.29 through 1.8.44, as a temporary workaround, consider restricting the processing of project files from untrusted sources until a patch is available. Avoid using the TIFF parsing functionality within the cximageu component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LeviStudioU versions 1.8.29 through 1.8.44 **Description** The issue is related to an XML External Entity (XXE) vulnerability that can be exploited when the application processes specially crafted project XML files, potentially leading to information disclosure. **Recommendations** For versions 1.8.29 through 1.8.44, consider restricting the processing of external XML entities in the xmlparser LoadXMLFile function as a temporary workaround until a patch is available. Avoid using the XML External Entity processing feature in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fuji Electric V-Server versions 4.0.3.0 and prior **Description** An integer underflow issue has been identified, which may allow remote code execution. **Recommendations** For Fuji Electric V-Server versions 4.0.3.0 and prior, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Fuji Electric V-Server version 4.0.3.0 and prior **Description** A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. The issue is related to the VPR file parsing, specifically a CArchive read heap-based buffer overflow and an integer underflow, both of which can lead to remote code execution. **Recommendations** For Fuji Electric V-Server version 4.0.3.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fuji Electric V-Server versions 4.0.3.0 and prior **Description** Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. The issue is related to the VPR file parsing, where a type confusion out-of-bounds write can occur, potentially leading to remote code execution. **Recommendations** For Fuji Electric V-Server versions 4.0.3.0 and prior, update to a version that addresses the out-of-bounds write vulnerabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fuji Electric V-Server versions 4.0.3.0 and prior **Description** A use after free vulnerability has been identified in Fuji Electric V-Server, which may allow remote code execution. The issue is related to VPR file parsing and a CObArray use-after-free. **Recommendations** For Fuji Electric V-Server versions 4.0.3.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fuji Electric V-Server versions 4.0.3.0 and prior **Description** An out-of-bounds read issue has been identified, which may allow remote code execution. **Recommendations** For Fuji Electric V-Server versions 4.0.3.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fuji Electric V-Server versions 4.0.3.0 and prior **Description** Multiple untrusted pointer dereference issues have been identified, which may allow remote code execution. The vulnerabilities are related to the VPR file parsing and CArchive read functions. **Recommendations** For Fuji Electric V-Server versions 4.0.3.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WECON LeviStudio versions 1.8.29 through 1.8.44 Description: The issue is related to multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This can lead to remote code execution. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Eaton 9000X DriveA versions 2.0.29 and prior **Description** The issue is a stack-based buffer overflow, which may allow remote code execution. **Recommendations** For versions 2.0.29 and prior, update to a version later than 2.0.29 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Delta PMSoft versions 2.10 and prior **Description** The issue allows a .ppm file to introduce a value larger than is readable by PMSoft's fixed-length stack buffer, causing the buffer to be overwritten. This may allow arbitrary code execution or cause the application to crash. **Recommendations** For Delta PMSoft versions 2.10 and prior, update to at least PMSoft v2.11 or the latest available version.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics Delta Industrial Automation DOPSoft version 4.00.01 or prior **Description** A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft. This issue is caused by processing specially crafted .dop or .dpb files, which may allow an attacker to remotely execute arbitrary code. **Recommendations** For Delta Electronics Delta Industrial Automation DOPSoft version 4.00.01 or prior, update to a version later than 4.00.01 to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted .dop or .dpb files until a patch is available. Restrict access to the DOPSoft application to minimize the risk of exploitation.