Piotr Ptaszek

**Name of the Vulnerable Software and Affected Versions** CHARX SEC-3xxx charging controllers (affected versions not specified) **Description** An unauthenticated adjacent attacker can download log files from the controller, potentially leading to the disclosure of restricted information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AL-KO Robolinho Update Software version 8.0.21.0610 versions prior to 8.0.21.0610 **Description** The AL-KO Robolinho Update Software contains hard-coded AWS Access and Secret keys, potentially granting unauthorized access to AL-KO's AWS bucket. Utilizing these keys directly could provide an attacker with broader access than the application itself. Access granted by these keys includes at least read access to objects within the bucket. The vendor was notified of this issue but did not provide details regarding vulnerable version ranges. **Recommendations** Update to version 8.0.21.0610 or later. At the moment, there is no information about a newer version that contains a fix for this vulnerability.