Nicolas Rodrigues

Name of the Vulnerable Software and Affected Versions: PRIMX ZED Enterprise versions up to 2024.3 Description: The issue allows manipulation of technical files stored in local folders with common user access. This can lead to the host computer becoming unavailable or execution of programs with elevated privileges. Recommendations: For PRIMX ZED Enterprise versions up to 2024.3, consider restricting access to technical files stored in local folders to prevent manipulation and minimize the risk of exploitation. As a temporary workaround, limit user privileges to prevent elevation of privilege attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZEDMAIL for Windows versions up to 2024.3 **Description** The issue allows other users to access dedicated folders of ZEDMAIL for Windows by default, potentially misusing technical files and making them perform tasks with higher privileges. **Recommendations** For versions up to 2024.3, modify the configuration of ZEDMAIL to prevent this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ORIZON for Windows versions up to 2024.3 **Description** The issue allows other users to access dedicated folders of ORIZON for Windows by default, potentially misusing technical files and making them perform tasks with higher privileges. **Recommendations** For ORIZON for Windows versions up to 2024.3, modify the configuration to prevent other users from accessing dedicated folders.

**Name of the Vulnerable Software and Affected Versions** CRYHOD for Windows versions up to 2024.3 **Description** The issue allows other users to access dedicated folders of CRYHOD for Windows by default, potentially misusing technical files and making them perform tasks with higher privileges. **Recommendations** For versions up to 2024.3, modify the configuration of CRYHOD to prevent this issue.

**Name of the Vulnerable Software and Affected Versions** ZONECENTRAL for Windows versions up to 2024.3 ZONECENTRAL for Windows versions up to Q.2021.2 **Description** The issue allows other users to access dedicated folders of ZONECENTRAL for Windows, potentially misusing technical files and making them perform tasks with higher privileges. **Recommendations** For ZONECENTRAL for Windows versions up to 2024.3, modify the configuration to restrict access to dedicated folders. For ZONECENTRAL for Windows versions up to Q.2021.2, modify the configuration to restrict access to dedicated folders.

**Name of the Vulnerable Software and Affected Versions** ZONEPOINT for Windows versions up to 2024.1 **Description** The issue allows other users to access dedicated folders of ZONEPOINT for Windows by default, potentially misusing technical files and making them perform tasks with higher privileges. **Recommendations** For ZONEPOINT for Windows versions up to 2024.1, modify the configuration to prevent other users from accessing dedicated folders.