Nozomi Networks

**Name of the Vulnerable Software and Affected Versions** WAGO 8000-0002 BACNet Service (affected versions not specified) **Description** A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources, which may lead to a Denial of Service (DoS) limited to BACNet communication. This issue may potentially lead to system compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CODESYS V3 (affected versions not specified) **Description** A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability, which could lead to full system access and/or Denial of Service (DoS). The vulnerability is related to a critical function in the CODESYS V3 service that lacks proper authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited Denial of Service (DoS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A low privileged remote attacker can overwrite an arbitrary file on the filesystem, leading to a Denial of Service (DoS) and data loss. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A low privileged remote attacker can overwrite an arbitrary file on the filesystem, which may lead to an arbitrary file read with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A low privileged remote attacker can specify an arbitrary file on the filesystem, which may lead to arbitrary file writes with root privileges. This issue allows a remote attacker with low privileges to choose any file on the filesystem, potentially enabling them to write any file with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TwinCAT/BSD (affected versions not specified) **Description** The issue is related to a buffer overflow in the MPD package of TwinCAT/BSD, which can be exploited by an authenticated, low-privileged local attacker. This can lead to a Denial-of-Service (DoS) condition on the daemon and allow the execution of code in the context of the "root" user via a crafted HTTP request. The exploitation can potentially result in system compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TwinCAT/BSD (affected versions not specified) **Description** The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TwinCAT/BSD (affected versions not specified) **Description** The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.