Pascal Keul

**Name of the Vulnerable Software and Affected Versions** Phoenix Contact PLCnext Control Devices versions prior to 2021.0 LTS **Description** The issue allows an authenticated low-privileged user to embed malicious Javascript code, potentially gaining admin rights when an admin user visits the vulnerable website. This is a case of local privilege escalation. **Recommendations** For versions prior to 2021.0 LTS, update to version 2021.0 LTS or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable website to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Phoenix Contact PLCnext Control Devices versions prior to 2021.0 LTS **Description** The issue allows an attacker to open a reverse shell with root privileges. **Recommendations** For versions prior to 2021.0 LTS, update to version 2021.0 LTS or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Phoenix Contact PLCnext Control Devices versions prior to 2021.0 LTS **Description** The issue allows an attacker to gain knowledge by reading insufficiently protected sensitive information, which can be used to plan further attacks. **Recommendations** For versions prior to 2021.0 LTS, update to version 2021.0 LTS or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ARP-GUARD version 4.0.0-5 **Description** A SQL injection issue allows unauthenticated remote attackers to execute arbitrary SQL commands. This is achieved via the `user id` parameter in a "/login/forgot1" POST request. **Recommendations** For ARP-GUARD version 4.0.0-5, avoid using the `user id` parameter in the "/login/forgot1" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SECUDOS DOMOS versions prior to 5.6 **Description** The issue concerns the Log module in SECUDOS DOMOS, which allows local file inclusion. **Recommendations** For versions prior to 5.6, update to version 5.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SECUDOS DOMOS versions prior to 5.6 **Description** The issue affects the Log module, allowing for cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 5.6, update to version 5.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** eQ-3 AG Homematic CCU3 versions 3.43.15 and earlier **Description** The issue allows unauthenticated remote attackers to disclose password hashes of GUI users through the User.getUserPWD method. This can be exploited by attackers with access to the web interface. **Recommendations** For versions 3.43.15 and earlier, update to a version that fixes this issue to prevent unauthenticated password hash disclosure. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** eQ-3 AG Homematic CCU3 versions 3.43.15 and earlier **Description** The issue allows remote attackers to read arbitrary files of the device's filesystem through Directory Traversal or Arbitrary File Read. This can be exploited by unauthenticated attackers with access to the web interface. **Recommendations** For versions 3.43.15 and earlier, update to a version later than 3.43.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Semcosoft version 5.3 **Description** A reflected Cross-Site scripting issue allows remote attackers to inject arbitrary web scripts or HTML via the `username` parameter to the "Login Form" API endpoint. **Recommendations** For Semcosoft version 5.3, consider validating and sanitizing user input for the `username` parameter in the Login Form to prevent arbitrary script injection. As a temporary workaround, restrict access to the Login Form until a patch is available.