James Chambers

**Name of the Vulnerable Software and Affected Versions** PowerG (affected versions not specified) **Description** An attacker may be able to capture the network key, and subsequently read or write encrypted packets on the PowerG network under specific circumstances. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** (affected versions not specified) **Description** A flaw exists due to nonce reuse, potentially allowing attackers to conduct reply attacks or decrypt captured packets. This could compromise the confidentiality and integrity of communications. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG (affected versions not specified) **Description** The software utilizes a weak pseudo-random number generator. This could allow an attacker to read or inject encrypted PowerG packets. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Network Device (affected versions not specified) **Description** An issue exists where authentication does not properly verify the source of network packets. This could allow an attacker to create a denial-of-service condition or modify the device configuration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XE Software (affected versions not specified) **Description** The issue is related to a lack of authentication for executed requests in the web interface of Cisco IOS XE Software. This could allow a remote attacker to perform a cross-site request forgery (CSRF) attack by persuading a user to follow a malicious link, potentially allowing the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.