Nassim Asrir

Name of the Vulnerable Software and Affected Versions: mySCADA myPRO (affected versions not specified) Description: The issue is related to the use of hard-coded credentials in mySCADA myPRO, which could allow a remote attacker to execute code on the affected device. The hardcoded password is `brumla`. This could enable an attacker to gain access to the system. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the `GSMIOC SETCONF` ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a `struct gsm dlci` while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system. The exploit bypasses KASLR by leaking the kernel address from world-readable `/sys/kernel/notes`. To bypass SMAP, the author used a novel technique of filling the `kernfs pr cont buf` global variable with controlled data from userspace. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess version 8.3.0 **Description** The issue is related to the VBWinExec function in NodeAspVBObj.dll, which allows remote attackers to execute arbitrary OS commands via a single argument, specifically the command parameter. This is due to the lack of measures to neutralize special elements used in OS commands. Exploitation of this issue can allow a remote attacker to execute arbitrary OS commands using a specially crafted parameter. **Recommendations** For Advantech WebAccess version 8.3.0, consider disabling the VBWinExec function as a temporary workaround until a patch is available. Restrict access to the NodeAspVBObj.dll module to minimize the risk of exploitation. Avoid using the command parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dataTaker DT80 dEX version 1.50.012 **Description** The issue allows remote attackers to obtain sensitive credential and configuration information. This can be achieved via a direct request for the "/services/getFile.cmd?userfile=config.xml" API endpoint. **Recommendations** For version 1.50.012, restrict access to the "/services/getFile.cmd?userfile=config.xml" API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cerberus FTP Server version 8.0.10.3 **Description** A buffer overflow issue exists, allowing remote attackers to cause a denial of service, potentially leading to a daemon crash, or possibly having other unspecified impacts. This is achieved by sending a long MLST command. **Recommendations** For Cerberus FTP Server version 8.0.10.3, consider restricting access to the MLST command as a temporary workaround until a patch is available.