Logan Carpenter

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A remote attacker with high privileges may use a reading file function to inject OS commands. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A remote attacker with high privileges may use a deleting file function to inject OS commands. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A high privileged remote attacker can enable telnet access that accepts hardcoded credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SmartSPS devices (affected versions not specified) **Description** An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A remote attacker with high privileges may use a writing file function to inject OS commands. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHOENIX CONTACT RAD-ISM-900-EN-* devices (all versions of the firmware) **Description** The issue arises from an improper input validation in the traceroute utility integrated in the WebUI, allowing an admin user to execute arbitrary code with root privileges on the OS. This can be exploited by a remote attacker. **Recommendations** For all versions of the firmware, consider disabling the traceroute utility in the WebUI as a temporary workaround until a patch is available. Restrict access to the WebUI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHOENIX CONTACT RAD-ISM-900-EN-* devices (all versions of the firmware) **Description** The issue arises from an improper validation of an integrity check value in the configuration file uploader of the WebUI, allowing an admin user to execute arbitrary code with root privileges on the OS. This can be exploited by a remote attacker. **Recommendations** For all versions of the firmware, consider disabling the configuration file uploader in the WebUI as a temporary workaround until a patch is available. Restrict access to the WebUI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.