Mikael Vingaard

**Name of the Vulnerable Software and Affected Versions** Programmable Logic Controllers versions (affected versions not specified) **Description** The issue concerns a denial-of-service attack due to a flood of network packets. Researchers have found that some controllers from various manufacturers, including ABB, Phoenix Contact, Schneider Electric, Siemens, and WAGO, are susceptible to this attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moxa NPort versions 2.9 build 17030709 and prior **Description** The issue allows a malicious actor to cause a denial-of-service condition by requesting an unrestricted amount of resources. **Recommendations** For Moxa NPort versions 2.9 build 17030709 and prior, update to a version later than 2.9 build 17030709 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Moxa NPort 5110 versions prior to 2.6 Moxa NPort 5130/5150 Series versions prior to 3.6 Moxa NPort 5200 Series versions prior to 2.8 Moxa NPort 5400 Series versions prior to 3.11 Moxa NPort 5600 Series versions prior to 3.7 Moxa NPort 5100A Series & NPort P5150A versions prior to 1.3 Moxa NPort 5200A Series versions prior to 1.3 Moxa NPort 5150AI-M12 Series versions prior to 1.2 Moxa NPort 5250AI-M12 Series versions prior to 1.2 Moxa NPort 5450AI-M12 Series versions prior to 1.2 Moxa NPort 5600-8-DT Series versions prior to 2.4 Moxa NPort 5600-8-DTL Series versions prior to 2.4 Moxa NPort 6x50 Series versions prior to 1.13.11 Moxa NPort IA5450A versions prior to v1.4 **Description** A buffer overflow issue may allow an unauthenticated attacker to remotely execute arbitrary code. **Recommendations** For Moxa NPort 5110 versions prior to 2.6, update to version 2.6 or later. For Moxa NPort 5130/5150 Series versions prior to 3.6, update to version 3.6 or later. For Moxa NPort 5200 Series versions prior to 2.8, update to version 2.8 or later. For Moxa NPort 5400 Series versions prior to 3.11, update to version 3.11 or later. For Moxa NPort 5600 Series versions prior to 3.7, update to version 3.7 or later. For Moxa NPort 5100A Series & NPort P5150A versions prior to 1.3, update to version 1.3 or later. For Moxa NPort 5200A Series versions prior to 1.3, update to version 1.3 or later. For Moxa NPort 5150AI-M12 Series versions prior to 1.2, update to version 1.2 or later. For Moxa NPort 5250AI-M12 Series versions prior to 1.2, update to version 1.2 or later. For Moxa NPort 5450AI-M12 Series versions prior to 1.2, update to version 1.2 or later. For Moxa NPort 5600-8-DT Series versions prior to 2.4, update to version 2.4 or later. For Moxa NPort 5600-8-DTL Series versions prior to 2.4, update to version 2.4 or later. For Moxa NPort 6x50 Series versions prior to 1.13.11, update to version 1.13.11 or later. For Moxa NPort IA5450A versions prior to v1.4, update to version v1.4 or later.

**Name of the Vulnerable Software and Affected Versions** Moxa NPort 5110 versions prior to 2.6 Moxa NPort 5130/5150 Series versions prior to 3.6 Moxa NPort 5200 Series versions prior to 2.8 Moxa NPort 5400 Series versions prior to 3.11 Moxa NPort 5600 Series versions prior to 3.7 Moxa NPort 5100A Series & NPort P5150A versions prior to 1.3 Moxa NPort 5200A Series versions prior to 1.3 Moxa NPort 5150AI-M12 Series versions prior to 1.2 Moxa NPort 5250AI-M12 Series versions prior to 1.2 Moxa NPort 5450AI-M12 Series versions prior to 1.2 Moxa NPort 5600-8-DT Series versions prior to 2.4 Moxa NPort 5600-8-DTL Series versions prior to 2.4 Moxa NPort 6x50 Series versions prior to 1.13.11 Moxa NPort IA5450A versions prior to v1.4 **Description** The issue is related to the authentication procedure in Moxa NPort devices, allowing administration passwords to be retried without authenticating. This can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Moxa NPort 5110 versions prior to 2.6, update to version 2.6 or later. For Moxa NPort 5130/5150 Series versions prior to 3.6, update to version 3.6 or later. For Moxa NPort 5200 Series versions prior to 2.8, update to version 2.8 or later. For Moxa NPort 5400 Series versions prior to 3.11, update to version 3.11 or later. For Moxa NPort 5600 Series versions prior to 3.7, update to version 3.7 or later. For Moxa NPort 5100A Series & NPort P5150A versions prior to 1.3, update to version 1.3 or later. For Moxa NPort 5200A Series versions prior to 1.3, update to version 1.3 or later. For Moxa NPort 5150AI-M12 Series versions prior to 1.2, update to version 1.2 or later. For Moxa NPort 5250AI-M12 Series versions prior to 1.2, update to version 1.2 or later. For Moxa NPort 5450AI-M12 Series versions prior to 1.2, update to version 1.2 or later. For Moxa NPort 5600-8-DT Series versions prior to 2.4, update to version 2.4 or later. For Moxa NPort 5600-8-DTL Series versions prior to 2.4, update to version 2.4 or later. For Moxa NPort 6x50 Series versions prior to 1.13.11, update to version 1.13.11 or later. For Moxa NPort IA5450A versions prior to v1.4, update to version v1.4 or later.