Manuel Stotz And Tobias Jäger

**Name of the Vulnerable Software and Affected Versions** Product (affected versions not specified) **Description** The product is vulnerable to remote code execution due to missing input validation during one step of the firmware update process. An attacker with network access and the user level "Service" can execute arbitrary system commands in the root user's context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SICK InspectorP61x versions (affected versions not specified) SICK InspectorP62x versions (affected versions not specified) SICK TiM3xx versions (affected versions not specified) **Description** The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device. **Recommendations** For SICK InspectorP61x, consider disabling access to hidden user levels until a patch is available. For SICK InspectorP62x, restrict access to the device to minimize the risk of exploitation. For SICK TiM3xx, avoid using hardcoded credentials for hidden user levels until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CROWN (affected versions not specified) **Description** The issue allows unauthenticated access to critical functions through CROWN APIs, making large parts of the web application accessible without authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AppManager (affected versions not specified) **Description** The issue allows Lua apps to be deployed, removed, started, reloaded, or stopped without authorization via AppManager. This enables an attacker to remove legitimate apps, creating a denial-of-service (DoS) attack, read and write files, or load apps that utilize all features of the product available to a customer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The authentication process to the web server uses a challenge response procedure that includes a nonce and additional information. This challenge can be reused multiple times for login, making it vulnerable to a replay attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.