Peter Geissler

**Name of the Vulnerable Software and Affected Versions** Phoenix Contact CHARX SEC-3100 (affected versions not specified) **Description** An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

The MQTT stack is susceptible to an unauthenticated remote attack due to improper input validation, allowing an attacker to write memory out of bounds. The brute force attack is not always successful because of memory randomization. An exploit for this issue may exist, with potential links to the exploit code available at https://t.co/iVuBGZrI6Y. Unfortunately, the specific versions of the MQTT stack affected are not mentioned in the provided text. #MQTT #cybersecurityawareness #cybersecurity #infosec #hacker #mqttstack #remotattack #memoryrandomization

Name of the Vulnerable Software and Affected Versions: Qualcom plctool (affected versions not specified) Phoenix Contact CHARX SEC-3100 (affected versions not specified) Description: The issue is caused by improper input validation in the Qualcom plctool, allowing a local attacker with low privileges to gain root access by changing the ownership of specific files. This can lead to arbitrary code execution in the context of root. Recommendations: For Qualcom plctool, consider restricting access to the plctool until a patch is available. For Phoenix Contact CHARX SEC-3100, restrict the use of the plctool to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.