Lars Burhop

**Name of the Vulnerable Software and Affected Versions** Gira TKS-IP-Gateway version 4.0.7.7 **Description** The issue allows for authenticated remote code execution through the backup functionality of the web frontend. **Recommendations** For version 4.0.7.7, consider disabling the backup functionality in the web frontend as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Gira TKS-IP-Gateway version 4.0.7.7 **Description** The issue allows for unauthenticated path traversal, enabling an attacker to download the application database. This can potentially be combined with other exploits for further access. **Recommendations** For version 4.0.7.7, consider restricting access to sensitive database files until a patch is available. As a temporary workaround, limit the ability to download the application database to authorized users only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** S. Siedle & Soehne SG 150-0 Smart Gateway versions prior to 1.2.4 **Description** The issue allows remote code execution via the backup functionality in the web frontend. An attacker with network access can exploit this to gain root access on the gateway. **Recommendations** For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the backup functionality in the web frontend until the update is applied.

**Name of the Vulnerable Software and Affected Versions** S. Siedle & Soehne SG 150-0 Smart Gateway versions prior to 1.2.4 **Description** The issue allows local privilege escalation via a race condition in logrotate. An attacker with access to the network can exploit this to gain root access on the gateway. **Recommendations** For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the logrotate function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** S. Siedle & Soehne SG 150-0 Smart Gateway versions prior to 1.2.4 **Description** The issue allows an attacker with network access to gain root access on the gateway by exploiting a passwordless ftp ssh user through an exploit chain. **Recommendations** For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting network access to the gateway until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Grouptime Teamwire Client versions 1.5.1 through 1.9.0 Grouptime Teamwire Client backend versions prior to prod-2018-11-13-15-00-42 **Description** The issue affects the admin interface of the Grouptime Teamwire Client, allowing stored XSS attacks. **Recommendations** For Grouptime Teamwire Client versions 1.5.1 through 1.9.0, update to version 1.9.0 or later to resolve the issue. For Grouptime Teamwire Client backend versions prior to prod-2018-11-13-15-00-42, update to a version after prod-2018-11-13-15-00-42 to fix the problem.

**Name of the Vulnerable Software and Affected Versions** Grouptime Teamwire Desktop Client versions 1.5.1 through 1.9.0 Grouptime Teamwire backend versions prior to prod-2018-11-13-15-00-42 **Description** The issue allows code injection via a template, leading to remote code execution. **Recommendations** For Grouptime Teamwire Desktop Client versions 1.5.1 through 1.9.0, update to version 1.9.0 or later. For Grouptime Teamwire backend versions prior to prod-2018-11-13-15-00-42, update to a version after prod-2018-11-13-15-00-42.