Reid Wightman

**Name of the Vulnerable Software and Affected Versions** GE Vernova Enervista versions prior to 8.6 **Description** A security issue exists in GE Vernova Enervista UR Setup on Windows. The issue affects versions prior to 8.6. **Recommendations** Update to a version newer than 8.6.

**Name of the Vulnerable Software and Affected Versions** GE Vernova Enervista versions prior to 8.6 **Description** A flaw exists in GE Vernova Enervista UR Setup on Windows that permits file manipulation. **Recommendations** Update to a version later than 8.6.

**Name of the Vulnerable Software and Affected Versions** Network Device (affected versions not specified) **Description** Exploitation of this issue could allow an attacker to modify firmware and gain full access to the device. Successful exploitation could lead to complete system compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2.3 **Description** An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface (endpoint `tls iotgen setting`). **Recommendations** Update to version 2.3 or later.

**Name of the Vulnerable Software and Affected Versions** u-link (affected versions not specified) **Description** An unauthenticated remote attacker may exploit a stack-based buffer overflow in the u-link Management `API` to gain full access to affected devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ABB AC500 V2 versions through 2.5.2 **Description** A buffer over-read issue exists in ABB AC500 V2. This can potentially lead to unexpected system behavior. **Recommendations** Update ABB AC500 V2 to a version later than 2.5.2.

**Name of the Vulnerable Software and Affected Versions** (affected versions not specified) **Description** An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface. The vulnerable endpoint is `/event mail test`. The lack of input sanitization allows for arbitrary command execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Johnson Controls' iSTAR Config Utility versions prior to 6.9.5 **Description** A memory leak flaw in the iSTAR Config Utility could lead to data leaks, potentially exposing sensitive information. The issue affects versions prior to 6.9.5. Updating to version 6.9.5 or later is essential to mitigate this issue. **Recommendations** For versions prior to 6.9.5, update to version 6.9.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iSTAR Configuration Utility (ICU) (affected versions not specified) **Description** The issue is related to a buffer overflow that could occur under certain circumstances in the iSTAR Configuration Utility (ICU) tool. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** exacqVision Client and exacqVision Server (affected versions not specified) **Description** The issue is related to insufficient key length and exchange in the communication between exacqVision Client and exacqVision Server, which may allow a remote attacker to gain unauthorized access to protected information. The communication may use inadequate encryption, potentially compromising the security of the data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software House C•CURE 9000 (affected versions not specified) **Description** The issue arises when the Software House C•CURE 9000 installer utilizes unnecessarily wide permissions under certain circumstances. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software House C●CURE 9000 (affected versions not specified) **Description** The issue arises when the Software House C●CURE 9000 installer uses weak credentials under certain circumstances. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Johnson Controls Software House iStar Pro Door Controller (affected versions not specified) Description: The issue is related to the lack of authentication for a critical function in the ICU tool and iSTAR Pro door controller, which can be exploited by a remote attacker to perform a Machine-in-the-Middle attack. This could impact door control and configuration. The attack exploits the communication between the ICU tool and the iSTAR Pro door controller. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unitronics Vision versions (affected versions not specified) **Description** The issue is related to the storage of passwords in a recoverable format in the Unitronics Vision programmable logic controllers. This allows an attacker to retrieve the Information Mode password in plain text without authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions **Description** The issue is related to an Incorrect Privilege Assignment vulnerability that allows a remote authenticated attacker, logged in as a non-administrator user, to disclose the credentials (user ID and password) of a user with a lower access level than the attacker. This can be achieved by sending a specially crafted packet. The vulnerability may allow an attacker to gain unauthorized access to protected information. **Recommendations** For MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions, consider restricting access to sensitive information and implementing additional security measures to prevent exploitation. For MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions, restrict access to the affected modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric EZSocket versions 3.0 to 5.92 Mitsubishi Electric GT Designer3 Version1(GOT1000) versions 1.325P and prior Mitsubishi Electric GT Designer3 Version1(GOT2000) versions 1.320J and prior Mitsubishi Electric GX Works2 versions 1.11M and later Mitsubishi Electric GX Works3 versions 1.106L and prior Mitsubishi Electric MELSOFT Navigator versions 1.04E to 2.102G Mitsubishi Electric MT Works2 versions 1.190Y and prior Mitsubishi Electric MX Component versions 4.00A to 5.007H Mitsubishi Electric MX OPC Server DA/UA all versions Mitsubishi Electric FR Configurator2 all versions **Description** The issue is related to a lack of authentication for a critical function, allowing a remote attacker to gain unauthorized access to confidential information by sending specially crafted packets. This can enable the attacker to bypass authentication and connect to the products illegally. **Recommendations** For Mitsubishi Electric EZSocket versions 3.0 to 5.92, update to a version that includes a fix for this issue. For Mitsubishi Electric GT Designer3 Version1(GOT1000) versions 1.325P and prior, update to a version that includes a fix for this issue. For Mitsubishi Electric GT Designer3 Version1(GOT2000) versions 1.320J and prior, update to a version that includes a fix for this issue. For Mitsubishi Electric GX Works2 versions 1.11M and later, update to a version that includes a fix for this issue. For Mitsubishi Electric GX Works3 versions 1.106L and prior, update to a version that includes a fix for this issue. For Mitsubishi Electric MELSOFT Navigator versions 1.04E to 2.102G, update to a version that includes a fix for this issue. For Mitsubishi Electric MT Works2 versions 1.190Y and prior, update to a version that includes a fix for this issue. For Mitsubishi Electric MX Component versions 4.00A to 5.007H, update to a version that includes a fix for this issue. For Mitsubishi Electric MX OPC Server DA/UA all versions, update to a version that includes a fix for this issue. For Mitsubishi Electric FR Configurator2 all versions, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92 GT Designer3 Version1(GOT1000) versions 1.325P and prior GT Designer3 Version1(GOT2000) versions 1.320J and prior GX Works2 versions 1.11M and later GX Works3 versions 1.106L and prior MELSOFT Navigator versions 1.04E to 2.102G MT Works2 versions 1.190Y and prior MX Component versions 4.00A to 5.007H MX OPC Server DA/UA all versions FR Configurator2 all versions **Description** The issue is related to the use of externally-controlled input to select classes or code, also known as 'Unsafe Reflection'. This allows a remote unauthenticated attacker to execute malicious code by RPC with a path to a malicious library while connected to the products. The exploitation of this issue may enable a remote attacker to execute arbitrary code by injecting a reference to a malicious library into the loading process. **Recommendations** For EZSocket versions 3.0 to 5.92, update to a version outside of this range to mitigate the risk. For GT Designer3 Version1(GOT1000) versions 1.325P and prior, update to a version later than 1.325P. For GT Designer3 Version1(GOT2000) versions 1.320J and prior, update to a version later than 1.320J. For GX Works2 versions 1.11M and later, no specific mitigation is provided for these versions as they are stated to be affected in a manner that suggests versions after 1.11M may not be vulnerable in the same way, but this is unclear. For GX Works3 versions 1.106L and prior, update to a version later than 1.106L. For MELSOFT Navigator versions 1.04E to 2.102G, update to a version outside of this range. For MT Works2 versions 1.190Y and prior, update to a version later than 1.190Y. For MX Component versions 4.00A to 5.007H, update to a version outside of this range. For MX OPC Server DA/UA all versions, consider disabling the service until a patch is available. For FR Configurator2 all versions, consider restricting access to the software until a patch is available. As a temporary workaround, consider disabling any RPC functionality that allows for the execution of external code until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PLCnext products (affected versions not specified) **Description** A download of code without integrity check issue in PLCnext products allows a remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PLCnext products (affected versions not specified) **Description** A vulnerability due to incorrect permission assignment for critical resources in PLCnext products allows a remote attacker with low privileges to gain full access to the affected devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHOENIX CONTACT classic line PLCs (affected versions not specified) AXC 1050 AXC 1050 XC AXC 3050 FC 350 PCI ETH **Description** The issue allows an unauthenticated remote attacker to modify some or all applications on a PLC due to a lack of code integrity check during download. This can potentially lead to unauthorized access, modification, or deletion of data. **Recommendations** For PHOENIX CONTACT classic line PLCs, update to a version that includes a fix for the code integrity check issue. For AXC 1050, consider implementing additional security measures to prevent unauthorized access until a patch is available. For AXC 1050 XC, restrict access to sensitive applications to minimize the risk of exploitation. For AXC 3050, avoid using unverified code sources to prevent potential attacks. For FC 350 PCI ETH, apply configuration changes to enhance security and prevent unauthorized modifications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.