Nataliya Tlyapova

**Name of the Vulnerable Software and Affected Versions** CL5708IM (affected versions not specified) **Description** The issue is a Stack-based Buffer Overflow, allowing unauthenticated remote attackers to execute arbitrary code on the device. This can be exploited by remote attackers without authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CL5708IM (affected versions not specified) **Description** The issue concerns a Heap-based Buffer Overflow vulnerability in the CL5708IM, allowing unauthenticated remote attackers to exploit this vulnerability and perform a denial-of-service attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CL5708IM (affected versions not specified) **Description** The issue is a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CL5708IM (affected versions not specified) **Description** The issue is a Stack-based Buffer Overflow, allowing unauthenticated remote attackers to execute arbitrary code on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LCD KVM over IP Switch CL5708IM (affected versions not specified) **Description** The issue is a Heap-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CAMS for HIS CENTUM CS 3000 versions R3.08.10 through R3.09.50 CAMS for HIS CENTUM VP versions R4.01.00 through R6.07.00 CAMS for HIS B/M9000CS versions R5.04.01 through R5.05.01 CAMS for HIS B/M9000 VP versions R6.01.01 through R8.03.01 Description: The issue is related to a directory traversal vulnerability in the CAMS for HIS component, which is associated with inadequate path name checking. This allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. Recommendations: For CAMS for HIS CENTUM CS 3000 versions R3.08.10 through R3.09.50, update to a version outside of this range to resolve the issue. For CAMS for HIS CENTUM VP versions R4.01.00 through R6.07.00, update to a version outside of this range to resolve the issue. For CAMS for HIS B/M9000CS versions R5.04.01 through R5.05.01, update to a version outside of this range to resolve the issue. For CAMS for HIS B/M9000 VP versions R6.01.01 through R8.03.01, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the CAMS for HIS component to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: CAMS for HIS CENTUM CS 3000 versions R3.08.10 through R3.09.50 CENTUM VP versions R4.01.00 through R6.07.00 B/M9000CS versions R5.04.01 through R5.05.01 B/M9000 VP versions R6.01.01 through R8.03.01 Description: The issue allows a remote unauthenticated attacker to bypass authentication and send altered communication packets. This is related to a lack of authentication when interacting via a specialized protocol, which can enable an unauthorized remote attacker to interact with the server. Recommendations: For CAMS for HIS CENTUM CS 3000 versions R3.08.10 through R3.09.50, update to a version outside of this range to mitigate the risk. For CENTUM VP versions R4.01.00 through R6.07.00, update to a version outside of this range to mitigate the risk. For B/M9000CS versions R5.04.01 through R5.05.01, update to a version outside of this range to mitigate the risk. For B/M9000 VP versions R6.01.01 through R8.03.01, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the specialized protocol to minimize the risk of exploitation.