Max Bäumler

**Name of the Vulnerable Software and Affected Versions** DATEV eG Personal-Management System Comfort/Comfort Plus versions 15.1.0 through 16.1.1 P4 **Description** A reflected cross-site scripting issue allows attackers to steal targeted users' login data by sending a crafted link. **Recommendations** For versions 15.1.0 through 16.1.1 P4, update to a version that contains a fix for this issue to prevent exploitation.

Name of the Vulnerable Software and Affected Versions: LOGO! 12/24RCE versions all LOGO! 12/24RCEo versions all LOGO! 230RCE versions all LOGO! 230RCEo versions all LOGO! 24CE versions all LOGO! 24CEo versions all LOGO! 24RCE versions all LOGO! 24RCEo versions all SIPLUS LOGO! 12/24RCE versions all SIPLUS LOGO! 12/24RCEo versions all SIPLUS LOGO! 230RCE versions all SIPLUS LOGO! 230RCEo versions all SIPLUS LOGO! 24CE versions all SIPLUS LOGO! 24CEo versions all SIPLUS LOGO! 24RCE versions all SIPLUS LOGO! 24RCEo versions all Description: A vulnerability has been identified in the control logic (CL) executed by the LOGO! 8, which could be manipulated to cause the device to improperly handle the manipulation and crash. After a successful attack, the device needs to be manually reset. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.