Michael Orlando

**Name of the Vulnerable Software and Affected Versions** RSLinx Classic versions 2.57 and earlier EDS Hardware Installation Tool version 1.0.5.1 and earlier **Description** The issue is related to a buffer overflow in the RSEds.dll component of the EDS Hardware Installation Tool and RSHWare.exe in RSLinx Classic. This can be triggered by a malformed .eds file, potentially allowing user-assisted remote attackers to cause a denial of service, resulting in an application crash, or possibly execute arbitrary code. **Recommendations** For RSLinx Classic versions 2.57 and earlier, update to version 2.58 or later. For EDS Hardware Installation Tool version 1.0.5.1 and earlier, consider avoiding the use of malformed .eds files until a patch is available. As a temporary workaround, consider restricting access to the RSEds.dll component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WebSCADA WS100 and WS200 versions (affected versions not specified) Easy Connect EC150 versions (affected versions not specified) Modbus RTU - TCP Gateway MB100 versions (affected versions not specified) Serial Ethernet Server SS100 versions (affected versions not specified) IntelliCom NetBiter NB100 and NB200 platforms versions (affected versions not specified) **Description** A directory traversal issue exists in the `cgi-bin/read.cgi` file, allowing remote authenticated administrators to read arbitrary files by using a `..` (dot dot) in the `page` parameter. **Recommendations** For WebSCADA WS100 and WS200, restrict access to the `cgi-bin/read.cgi` file until a fix is available. For Easy Connect EC150, consider disabling the `read.cgi` functionality to prevent exploitation. For Modbus RTU - TCP Gateway MB100, avoid using the `page` parameter in the `cgi-bin/read.cgi` file until the issue is resolved. For Serial Ethernet Server SS100, limit access to the `cgi-bin` directory to minimize the risk of exploitation. For IntelliCom NetBiter NB100 and NB200 platforms, as a temporary workaround, consider restricting access to the `read.cgi` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WebSCADA WS100 and WS200 versions (affected versions not specified) Easy Connect EC150 versions (affected versions not specified) Modbus RTU - TCP Gateway MB100 versions (affected versions not specified) Serial Ethernet Server SS100 versions (affected versions not specified) IntelliCom NetBiter NB100 and NB200 platforms versions (affected versions not specified) **Description** The issue allows remote authenticated administrators to read arbitrary files via a full pathname in the `file` parameter. This is a result of an absolute path traversal vulnerability in `cgi-bin/read.cgi`. **Recommendations** For WebSCADA WS100 and WS200, restrict access to the `cgi-bin/read.cgi` endpoint to minimize the risk of exploitation. For Easy Connect EC150, avoid using the `file` parameter in the affected API endpoint until the issue is resolved. For Modbus RTU - TCP Gateway MB100, consider disabling the `read.cgi` function until a patch is available. For Serial Ethernet Server SS100, restrict access to the vulnerable `cgi-bin` module to minimize the risk of exploitation. For IntelliCom NetBiter NB100 and NB200 platforms, as a temporary workaround, consider limiting the privileges of authenticated administrators to reduce the impact of the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebSCADA WS100 and WS200 versions (affected versions not specified) Easy Connect EC150 versions (affected versions not specified) Modbus RTU - TCP Gateway MB100 versions (affected versions not specified) Serial Ethernet Server SS100 versions (affected versions not specified) IntelliCom NetBiter NB100 and NB200 platforms versions (affected versions not specified) **Description** The issue allows remote authenticated administrators to execute arbitrary code. This is achieved by using a `config.html 2.conf` action to replace the logo page's GIF image file with a file containing the code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wonderware Application Server (WAS) versions prior to 3.1 SP2 P01 **Description** The issue is related to a stack-based buffer overflow in the IConfigurationAccess interface, specifically in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control. This allows remote attackers to execute arbitrary code via the first argument to the `UnsubscribeData` method. **Recommendations** For versions prior to 3.1 SP2 P01, update to version 3.1 SP2 P01 or later to resolve the issue. As a temporary workaround, consider restricting access to the `UnsubscribeData` method in the IConfigurationAccess interface until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Cisco Industrial Ethernet 3000 series switches versions 12.2(52)SE through 12.2(52)SE1 **Description** The issue arises from the use of well-known SNMP community names, `public` for read-only access and `private` for read-write access, which are hard-coded in the system. This makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests. **Recommendations** For versions 12.2(52)SE and 12.2(52)SE1, perform a Cisco IOS Software upgrade to a version that addresses this issue. As a temporary workaround, consider deploying the mitigation measures outlined in the Workarounds section to minimize the risk of exploitation.