Kirill Nesterov

**Name of the Vulnerable Software and Affected Versions** Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior **Description** A memory corruption issue was discovered, related to a null pointer dereference in the web interface of industrial LTE IP modems. This issue can be exploited by a remote attacker to cause a denial of service or execute arbitrary code. **Recommendations** For Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moxa OnCell G3100-HSPA Series versions 1.4 Build 16062919 and prior **Description** A Reliance on Cookies without Validation and Integrity Checking issue allows an attacker to bypass authentication by performing a brute force attack on a cookie parameter that can consist of only digits, gaining access to device functions. **Recommendations** For Moxa OnCell G3100-HSPA Series versions 1.4 Build 16062919 and prior, consider restricting access to the device until a fix is available, and avoid using the cookie parameter for authentication purposes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moxa OnCell G3100-HSPA Series versions 1.4 Build 16062919 and prior **Description** A NULL Pointer Dereference issue was discovered, allowing an attacker to perform a denial of service attack by exploiting the application's failure to check for a NULL value. **Recommendations** For Moxa OnCell G3100-HSPA Series versions 1.4 Build 16062919 and prior, consider applying a patch or update that addresses the NULL Pointer Dereference issue to prevent denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE D60 Line Distance Relay versions prior to 7.11 **Description** An issue with improper restriction of operations within the bounds of a memory buffer was found. The SSH functions are vulnerable to buffer overflow conditions, potentially allowing a remote attacker to execute arbitrary code on the device. **Recommendations** For GE D60 Line Distance Relay versions prior to 7.11, consider disabling SSH functions as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nari PCS-9611 relay (affected versions not specified) **Description** An Improper Input Validation issue affects a service within the software, potentially allowing a remote attacker to arbitrarily read or access system resources and impact the system's availability. The vulnerability exists due to insufficient input validation, which can be exploited by a remote attacker to gain read access to arbitrary system resources and affect system availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Huawei MBB product E3272s versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 **Description** The issue allows an attacker to send a malicious packet to the Common Gateway Interface (CGI) of a target device, causing it to fail while setting the port attribute. This results in a Denial of Service (DoS) attack. **Recommendations** For versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00, update to version E3272s-153TCPU-V200R002B491D09SP00C00 or later to resolve the issue. As a temporary workaround, consider restricting access to the CGI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IniNet embeddedWebServer (aka eWebServer) versions prior to 2.02 **Description** The issue arises from the mishandling of URL encoding, allowing remote attackers to write to or delete files by using a crafted string. **Recommendations** For versions prior to 2.02, update to version 2.02 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IniNet Solutions GmbH's SCADA Web Server versions prior to 2.02 IniNet embeddedWebServer (aka eWebServer) versions prior to 2.02 **Description** The issue is caused by multiple stack-based buffer overflows in the IniNet embeddedWebServer. Exploitation of these issues may allow a remote attacker to execute arbitrary code via a long field in an HTTP request. **Recommendations** For versions prior to 2.02, update to version 2.02 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP request field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Schneider Electric InduSoft Web Studio versions prior to 7.1.3.4 SP3 Patch 4 Schneider Electric InTouch Machine Edition 2014 versions prior to 7.1.3.4 SP3 Patch 4 **Description** The issue allows local users to obtain sensitive information by discovering a hardcoded cleartext password used to control read access to Project files and Project Configuration files. **Recommendations** For Schneider Electric InduSoft Web Studio versions prior to 7.1.3.4 SP3 Patch 4, update to version 7.1.3.4 SP3 Patch 4 or later. For Schneider Electric InTouch Machine Edition 2014 versions prior to 7.1.3.4 SP3 Patch 4, update to version 7.1.3.4 SP3 Patch 4 or later.

**Name of the Vulnerable Software and Affected Versions** Emerson DeltaV versions 10.3.1 through 12.3 **Description** The issue is related to errors that occur when changing access control rules through the Telnet protocol, allowing an attacker to gain access to applications via Telnet to run commands or change settings. It also involves the use of hardcoded credentials for diagnostic services, which can be exploited by remote attackers to bypass access restrictions via a TCP session, such as a session using the telnet program. **Recommendations** For Emerson DeltaV versions 10.3.1 through 12.3, consider disabling the use of hardcoded credentials for diagnostic services and restrict access to the Telnet protocol to minimize the risk of exploitation. As a temporary workaround, limit the use of the Telnet program for diagnostic purposes until a more secure method is implemented.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC WinCC OA versions prior to 3.12 P002 January **Description** The issue is related to the integrated web server in Siemens SIMATIC WinCC OA, which allows remote attackers to execute arbitrary code via crafted packets sent to TCP port 4999. This is due to errors that occur when processing specially formed TCP packets, enabling an attacker to exploit the issue and execute arbitrary code by sending crafted packets to the specified port. **Recommendations** For versions prior to 3.12 P002 January, update to version 3.12 P002 January or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 4999 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC WinCC OA versions prior to 3.12 P002 January **Description** The issue allows remote attackers to bypass the file system of the server in the context of the current user without authentication by sending specially crafted TCP packets. This is a directory traversal vulnerability that can be exploited to read arbitrary files via crafted packets to TCP port 4999. **Recommendations** For versions prior to 3.12 P002 January, update to version 3.12 P002 January or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 4999 to minimize the risk of exploitation.