M. Can Kurnaz

**Name of the Vulnerable Software and Affected Versions** PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G versions 4.2.21 through 6.0.16 and prior Telecontrol Gateway XS-MU versions 4.2.21 through 6.0.16 and prior Telecontrol Gateway VM versions 4.2.21 through 6.0.16 and prior Smart Telecontrol Unit TCG versions 5.0.27 through 6.0.16 and prior IEC104 Security Proxy versions prior to 2.2.10 **Description** The web application browser interprets input as active HTML, JavaScript, or VBScript, which could allow an attacker to execute arbitrary code. **Recommendations** For Telecontrol Gateway 3G versions 4.2.21 through 6.0.16 and prior, update to a version later than 6.0.16. For Telecontrol Gateway XS-MU versions 4.2.21 through 6.0.16 and prior, update to a version later than 6.0.16. For Telecontrol Gateway VM versions 4.2.21 through 6.0.16 and prior, update to a version later than 6.0.16. For Smart Telecontrol Unit TCG versions 5.0.27 through 6.0.16 and prior, update to a version later than 6.0.16. For IEC104 Security Proxy versions prior to 2.2.10, update to a version later than 2.2.10.

**Name of the Vulnerable Software and Affected Versions** Circontrol CirCarLife versions prior to 4.3.1 **Description** The issue allows authentication to the device to be bypassed by entering the URL of a specific page. **Recommendations** For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firmware variant PROFINET IO for EN100 Ethernet module versions prior to V1.04.01 Firmware variant Modbus TCP for EN100 Ethernet module versions prior to V1.11.00 Firmware variant DNP3 TCP for EN100 Ethernet module versions prior to V1.03 Firmware variant IEC 104 for EN100 Ethernet module versions prior to V1.21 EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 versions prior to 1.02.02 **Description** A specially crafted packet sent to port 50000/UDP could cause a denial-of-service of the affected device, resulting in the device not performing its primary functions. This could lead to the device becoming unresponsive, requiring a manual reboot to recover the service. The issue affects the Siemens SIPROTEC device, potentially causing it to fail in protecting primary equipment at electrical stations and substations. **Recommendations** For Firmware variant PROFINET IO for EN100 Ethernet module versions prior to V1.04.01, update to version V1.04.01 or later. For Firmware variant Modbus TCP for EN100 Ethernet module versions prior to V1.11.00, update to version V1.11.00 or later. For Firmware variant DNP3 TCP for EN100 Ethernet module versions prior to V1.03, update to version V1.03 or later. For Firmware variant IEC 104 for EN100 Ethernet module versions prior to V1.21, update to version V1.21 or later. For EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 versions prior to 1.02.02, update to version 1.02.02 or later. As a temporary workaround, consider restricting access to port 50000/UDP to minimize the risk of exploitation.