Konstantin Kondratev

**Name of the Vulnerable Software and Affected Versions** AVEVA System Platform version 2020 **Description** The issue concerns the storage of sensitive information in cleartext, potentially allowing access to attackers or low-privileged users. **Recommendations** For AVEVA System Platform version 2020, consider implementing encryption for sensitive information to prevent unauthorized access. As a temporary workaround, restrict access to sensitive data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moxa NPort IAW5000A-I/O Series firmware versions prior to 2.3 **Description** The issue is related to two buffer overflows in the built-in web server, which may allow a remote attacker to cause a denial-of-service condition. **Recommendations** For firmware versions 2.2 or earlier, update to version 2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Moxa NPort IAW5000A-I/O series firmware versions prior to 2.3 **Description** The issue allows data to be copied without validation in the built-in web server, potentially enabling a remote attacker to cause denial-of-service conditions. **Recommendations** For Moxa NPort IAW5000A-I/O series firmware versions prior to 2.3, update to firmware version 2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Moxa NPort IAW5000A-I/O series firmware versions 2.2 or earlier **Description** The issue is related to improper input validation in the built-in web server, which may allow a remote attacker to execute commands. **Recommendations** For Moxa NPort IAW5000A-I/O series firmware versions 2.2 or earlier, update to a version later than 2.2 to resolve the issue. As a temporary workaround, consider restricting access to the built-in web server until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Moxa NPort IAW5000A-I/O series firmware versions 2.2 or earlier **Description** The issue is related to five buffer overflows in the built-in web server of the Moxa NPort IAW5000A-I/O series. This may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code. **Recommendations** For Moxa NPort IAW5000A-I/O series firmware versions 2.2 or earlier, update to a version later than 2.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AVEVA InTouch Runtime versions prior to 2020 R2 **Description** The issue could expose cleartext credentials if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location. **Recommendations** For versions prior to 2020 R2, ensure that diagnostic memory dumps are saved to protected locations to prevent unauthorized access to cleartext credentials. As a temporary workaround, consider restricting access to the diagnostic memory dump feature until a patch is available.