Jameel Nabbo

**Name of the Vulnerable Software and Affected Versions** Dell EMC iDRAC8 versions prior to 2.80.80.80 Dell EMC iDRAC9 versions prior to 5.00.00.00 **Description** The issue is related to content spoofing and text injection, where a malicious URL can inject text to present a customized message on the application. This can lead to phishing attacks, making users believe the message is legitimate. A malicious URL can be used to inject text and present a customized message. **Recommendations** For Dell EMC iDRAC8 versions prior to 2.80.80.80, update to version 2.80.80.80 or later. For Dell EMC iDRAC9 versions prior to 5.00.00.00, update to version 5.00.00.00 or later. As a temporary workaround, consider restricting access to the application to minimize the risk of exploitation. Avoid using malicious URLs in the application until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-1500 CPU devices versions prior to 1.6 **Description** The issue allows remote attackers to cause a denial of service, resulting in a device restart and STOP transition, via crafted TCP packets. **Recommendations** For versions prior to 1.6, update the firmware to version 1.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-1200 CPU devices versions 2.x through 3.x **Description** A cross-site scripting (XSS) issue exists in the integrated web server, allowing remote attackers to inject arbitrary web script or HTML. This could potentially lead to unauthorized access or control of the device. **Recommendations** For versions 2.x through 3.x, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.