Ivan Speziale

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric Corporation GX Works3 versions 1.015R and later Mitsubishi Electric Corporation GX Works2 all versions Mitsubishi Electric Corporation GX Developer versions 8.40S and later **Description** The issue allows a remote unauthenticated attacker to disclose sensitive information. Unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting. **Recommendations** For GX Works3 versions 1.015R and later, update to a version that addresses the Cleartext Storage of Sensitive Information in Memory issue. For GX Works2 all versions, consider restricting access to sensitive project files until a fix is available. For GX Developer versions 8.40S and later, avoid storing sensitive information in memory until the issue is resolved. As a temporary workaround, consider disabling remote access to project files for MELSEC safety CPU modules or MELSEC Q/FX/L series with security setting until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric Corporation GX Works3 versions 1.015R and later **Description** The issue allows a remote unauthenticated attacker to disclose sensitive information, enabling unauthenticated users to access MELSEC safety CPU modules illegally. **Recommendations** For versions 1.015R and later, update to a version that addresses the Insufficiently Protected Credentials issue, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IntelliBridge EC 40 and 60 Hub versions C.00.04 and prior **Description** The issue concerns hard-coded credentials, such as a password or a cryptographic key, used for inbound authentication, outbound communication to external components, or encryption of internal data. **Recommendations** For versions C.00.04 and prior, consider changing the hard-coded credentials to unique, secure credentials to mitigate the risk of exploitation. As a temporary workaround, restrict access to the affected system until a patch or update is available.

**Name of the Vulnerable Software and Affected Versions** MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU versions prior to 26 MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU versions prior to 11 **Description** The issue is related to the transmission of credentials in an unencrypted form, allowing a remote attacker to gain unauthorized access to protected information. This can enable an attacker to log in to a target CPU module by obtaining credentials other than a password. **Recommendations** For MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU versions prior to 26, update the firmware to version 27 or later. For MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU versions prior to 11, update the firmware to version 12 or later. As a temporary workaround, consider restricting access to the CPU modules to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MELSEC iQ-R Series Safety CPU modules R08/16/32/120SFCPU firmware versions prior to 26 MELSEC iQ-R Series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions prior to 11 **Description** The issue is related to the exposure of sensitive information to unauthorized actors due to a lack of protection for service data. This can allow a remote attacker to gain unauthorized access to protected information. Specifically, it enables a remote unauthenticated attacker to acquire legitimate user names registered in the module via a brute-force attack on user names. **Recommendations** For MELSEC iQ-R Series Safety CPU modules R08/16/32/120SFCPU firmware versions prior to 26, update the firmware to version 26 or later. For MELSEC iQ-R Series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions prior to 11, update the firmware to version 11 or later. As a temporary workaround, consider restricting access to the modules to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server) versions prior to 2.0.2870 2.2.12 Sinapsi eSolar versions prior to 2.0.2870 2.2.12 Sinapsi eSolar DUO versions prior to 2.0.2870 2.2.12 **Description** The issue concerns the management web pages of the affected systems, which do not require authentication. This allows remote attackers to gain administrative access by making a direct request, such as to "ping.php". **Recommendations** For Sinapsi eSolar Light Photovoltaic System Monitor versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. For Sinapsi eSolar versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. For Sinapsi eSolar DUO versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later.

**Name of the Vulnerable Software and Affected Versions** Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server) versions prior to 2.0.2870 2.2.12 Sinapsi eSolar versions prior to 2.0.2870 2.2.12 Sinapsi eSolar DUO versions prior to 2.0.2870 2.2.12 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `inverterselect` parameter in a primo action to "dettagliinverter.php" or the `lingua` parameter to "changelanguagesession.php". **Recommendations** For Sinapsi eSolar Light Photovoltaic System Monitor versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. For Sinapsi eSolar versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. For Sinapsi eSolar DUO versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. As a temporary workaround, consider restricting access to the "dettagliinverter.php" and "changelanguagesession.php" endpoints until a patch is available. Avoid using the `inverterselect` and `lingua` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server) versions prior to 2.0.2870 2.2.12 Sinapsi eSolar versions prior to 2.0.2870 2.2.12 Sinapsi eSolar DUO versions prior to 2.0.2870 2.2.12 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `ip dominio` parameter of the ping.php file. **Recommendations** For Sinapsi eSolar Light Photovoltaic System Monitor versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. For Sinapsi eSolar versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. For Sinapsi eSolar DUO versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. As a temporary workaround, consider restricting access to the ping.php file to minimize the risk of exploitation. Avoid using the `ip dominio` parameter in the ping.php file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server) versions prior to 2.0.2870 2.2.12 Sinapsi eSolar versions prior to 2.0.2870 2.2.12 Sinapsi eSolar DUO versions prior to 2.0.2870 2.2.12 **Description** The issue allows remote attackers to obtain administrative access by leveraging hardcoded accounts in the login.php script. The script contains cleartext passwords or password hashes, making it easier for attackers to gain access. Demonstrated passwords include `astridservice` or `36e44c9b64`. **Recommendations** For Sinapsi eSolar Light Photovoltaic System Monitor versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. For Sinapsi eSolar versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. For Sinapsi eSolar DUO versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later.