Mdm

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 for Finance and Operations (affected versions not specified) **Description** The issue is related to the failure to protect the web page structure, allowing for cross-site scripting attacks. An attacker, acting remotely, can exploit this to conduct such attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier Description: The issue is related to `mwe` file parsing in Phoenix Contact PC Worx and PC Worx Express, which is vulnerable to out-of-bounds read remote code execution. This is due to insufficient input data validation, allowing manipulated PC Worx projects to potentially lead to remote code execution. The vulnerability is associated with a buffer read beyond its boundaries, which could enable an attacker to execute arbitrary code. Recommendations: For versions 1.87 and earlier, update to a version later than 1.87 to resolve the issue. As a temporary workaround, consider restricting the use of `mwe` file parsing in PC Worx and PC Worx Express until a patch is available. Avoid using manipulated PC Worx projects to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Interactive Graphical SCADA System (IGSS) versions prior to 14 **Description** The issue is related to an out-of-bounds write in the memory, which can be triggered by manipulating data in the mdb database. This can cause a software crash, potentially leading to a denial of service. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the possibility of remote code execution due to the out-of-bounds write vulnerability in the mdb database. **Recommendations** For versions prior to 14, update to version 14 or later to resolve the issue. As a temporary workaround, consider restricting access to the mdb database to minimize the risk of exploitation. Avoid manipulating data in the mdb database until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHOENIX CONTACT PC Worx versions 1.86 and earlier PHOENIX CONTACT PC Worx Express versions 1.86 and earlier PHOENIX CONTACT Config+ versions 1.86 and earlier **Description** The issue is related to a Use-After-Free condition that can lead to remote code execution. It involves manipulating a PC Worx or Config+ project file, which requires access to an original file. After manipulation, the attacker must replace the original file with the manipulated one on the application programming workstation. The vulnerability is associated with the use of memory after it has been freed, potentially allowing a remote attacker to execute arbitrary code. **Recommendations** For PHOENIX CONTACT PC Worx versions 1.86 and earlier, consider restricting access to project files to prevent manipulation. For PHOENIX CONTACT PC Worx Express versions 1.86 and earlier, avoid exchanging project files from untrusted sources. For PHOENIX CONTACT Config+ versions 1.86 and earlier, limit access to the application programming workstation to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zelio Soft 2 versions prior to 5.1 Description: A Use After Free issue exists which could cause remote code execution when opening a specially crafted Zelio Soft project file. This issue is related to the parsing of Zelio Soft 2 ZM2 files. Recommendations: For versions prior to 5.1, update to a version that contains a fix for this issue to prevent remote code execution when opening specially crafted project files.

**Name of the Vulnerable Software and Affected Versions** Cscape versions 9.80.75.3 SP3 and prior **Description** An improper input validation issue has been identified, which can be exploited by processing specially crafted files lacking user input validation. This may allow an attacker to read confidential information and remotely execute arbitrary code. The issue is related to the parsing of CSP files and can lead to various types of attacks, including remote code execution and information disclosure. **Recommendations** For versions 9.80.75.3 SP3 and prior, update to a version that includes the fix for the improper input validation vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.