Mr_Me

**Name of the Vulnerable Software and Affected Versions** Inductive Automation Ignition (affected versions not specified) **Description** The issue is related to errors in data serialization within the JavaSerializationCodec class of Inductive Automation Ignition. This allows remote attackers to execute arbitrary code on affected installations without requiring authentication. The problem stems from the lack of proper validation of user-supplied data, leading to the deserialization of untrusted data. An attacker can leverage this to execute code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inductive Automation Ignition (affected versions not specified) **Description** The issue is related to the ParameterVersionJavaSerializationCodec class in Inductive Automation Ignition, which is associated with weaknesses in the authentication procedure. This allows a remote attacker to execute arbitrary code in the context of SYSTEM due to the lack of proper validation of user-supplied data, resulting in the deserialization of untrusted data. No authentication is required to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keysight Geolocation Server versions 2.4.2 and prior **Description** The issue is related to improper path validation, which could allow an attacker to upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges. This could result in local privilege escalation or a denial-of-service condition. The vulnerability is associated with errors in processing relative paths to directories. **Recommendations** For Keysight Geolocation Server versions 2.4.2 and prior, consider restricting access to sensitive directories and files to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the affected server for critical operations that could be impacted by a denial-of-service condition. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keysight Geolocation Server versions 2.4.2 and prior **Description** A low privileged attacker could create a local ZIP file containing a malicious script in any location, which could be abused to load a DLL with SYSTEM privileges. The vulnerability is related to the use of dangerous methods or functions. **Recommendations** For Keysight Geolocation Server versions 2.4.2 and prior, consider restricting access to the ZIP file creation functionality to prevent exploitation until a patch is available. As a temporary workaround, avoid using the affected functionality that allows loading DLLs with SYSTEM privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of APP files due to the lack of proper validation of user-supplied data, resulting in deserialization of untrusted data. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000), as a temporary workaround, consider disabling the parsing of APP files until a patch is available. Restrict access to untrusted data to minimize the risk of exploitation. Avoid using user-supplied data in the affected parsing process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware vRealize Operations (affected versions not specified) **Description** The issue is related to an information disclosure vulnerability in the monitoring tool for virtual infrastructure. It allows a remote attacker to disclose protected information. A malicious actor with low privileges and network access can create and leak hex dumps, leading to information disclosure, and potentially to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware vRealize Operations (affected versions not specified) **Description** The issue is related to insecure privilege management in VMware vRealize Operations, allowing a malicious actor with administrative network access to escalate privileges to root. This can be exploited by a remote attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware vRealize Operations (affected versions not specified) **Description** The issue is related to insufficient protection of registration data, which can lead to information disclosure. A low-privileged malicious actor with network access can exploit this to access log files, potentially gaining unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware vRealize Operations (affected versions not specified) **Description** The issue is related to an authentication bypass vulnerability in VMware vRealize Operations. This vulnerability can be exploited by an unauthenticated malicious actor with network access, allowing them to create a user with administrative privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access, Identity Manager and vRealize Automation (affected versions not specified) **Description** The issue is related to insufficient access control in the administration platform of VMware Workspace ONE Access, VMware Identity Manager, and VMware vRealize Automation. A malicious actor with local access can exploit this issue to escalate privileges to 'root'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access, Identity Manager and vRealize Automation (affected versions not specified) **Description** The issue is related to incorrect code generation management in the administration platform of VMware Workspace One Access, VMware Identity Manager console, and VMware vRealize Automation virtual infrastructure management tool. A malicious actor with administrator and network access can trigger a remote code execution. This allows an attacker to execute arbitrary code remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OPC Labs QuickOPC version 2022.1 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the processing of XML files in Connectivity Explorer due to the lack of proper validation of user-supplied data, resulting in deserialization of untrusted data. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For OPC Labs QuickOPC version 2022.1, consider disabling the processing of XML files in Connectivity Explorer as a temporary workaround until a patch is available. Restrict access to Connectivity Explorer to minimize the risk of exploitation. Avoid using untrusted data in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inductive Automation Ignition versions 7.9.20 and earlier Inductive Automation Ignition versions 8.1.17 and earlier **Description** An issue was discovered in Inductive Automation Ignition that allows remote attackers to execute arbitrary code by supplying a Python script using the `ScriptInvoke` function. **Recommendations** For Inductive Automation Ignition versions 7.9.20 and earlier, update to version 7.9.20 or later. For Inductive Automation Ignition versions 8.1.17 and earlier, update to version 8.1.17 or later. As a temporary workaround, consider disabling the `ScriptInvoke` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access (affected versions not specified) VMware Identity Manager (affected versions not specified) VMware vRealize Automation (affected versions not specified) **Description** The issue is related to a cross-site request forgery vulnerability. A malicious actor can trick a user into unintentionally validating a malicious JDBC URI through a cross-site request forgery. The vulnerability is associated with insufficient checking of the source of HTTP requests, which can allow a remote attacker to carry out CSRF attacks using a specially crafted web page. **Recommendations** For VMware Workspace ONE Access, consider implementing additional validation for HTTP requests to prevent cross-site request forgery attacks. For VMware Identity Manager, restrict access to sensitive operations that can be triggered by a malicious JDBC URI until a fix is available. For VMware vRealize Automation, as a temporary workaround, consider disabling the functionality that allows validation of JDBC URIs through user-initiated requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace One Access (affected versions not specified) **Description** The issue is related to weaknesses in the OAuth2 ACS authentication procedure of the VMware Workspace One Access administration platform. It allows a remote attacker to bypass the authentication process and gain unauthorized access to the application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access and Identity Manager VMware Cloud Foundation vRealize Suite Lifecycle Manager **Description** The software contains a remote code execution issue due to a server-side template injection. A malicious actor with network access can trigger this injection, potentially leading to remote code execution. The issue is related to improper handling of code generation within the Template Handler component. Exploitation can be achieved through a crafted HTTP request targeting the `/catalog-portal/ui/oauth/verify` **API Endpoint** with the `deviceUdid` **parameter**. The payload utilizes the `freemarker.template.utility.Execute` function to execute arbitrary commands. Reports indicate that the vulnerability has been actively exploited by the Rocket Kitten APT group to gain initial access and deploy backdoors, including Core Impact. The vulnerability allows for the highest level of privileged access to virtualized host and guest environments. **Recommendations** Versions prior to the fix for CVE-2022-22954 should be updated. As a temporary workaround, consider disabling the vulnerable component Template Handler until a patch is available. Restrict access to the `/catalog-portal/ui/oauth/verify` **API Endpoint** to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access versions (affected versions not specified) VMware Cloud Foundation versions (affected versions not specified) VMware vRealize Automation versions (affected versions not specified) vRealize Suite Lifecycle Manager versions (affected versions not specified) VMware Identity Manager (vIDM) versions (affected versions not specified) **Description** The issue is related to improper use of standard permissions, allowing an attacker to escalate privileges using a specially crafted HTTP request. A malicious actor with local access can exploit this to gain 'root' privileges due to improper permissions in support scripts. **Recommendations** For VMware Workspace ONE Access, consider restricting access to support scripts until a fix is available. For VMware Cloud Foundation, restrict access to vulnerable components to minimize the risk of exploitation. For VMware vRealize Automation, disable or limit the use of support scripts that may be used for privilege escalation. For vRealize Suite Lifecycle Manager, apply configuration changes to properly set permissions for support scripts. For VMware Identity Manager (vIDM), restrict local access to prevent potential privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace One Access (affected versions not specified) **Description** The issue is related to the OAuth2 ACS service of the application administration platform, which has weaknesses in its authentication procedure. This can be exploited by a remote attacker to bypass the authentication process and gain unauthorized access to the application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** The issue is related to a security feature bypass vulnerability in Microsoft SharePoint Server, which is associated with deficiencies in the authentication procedure. This vulnerability can be exploited by a remote attacker to gain access to confidential information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Triangle MicroWorks SCADA Data Gateway (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The specific flaw exists within the Restore Workspace feature, resulting from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this issue to execute code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.