Richard Thomas

**Name of the Vulnerable Software and Affected Versions** Phoenix Contact HMIs BTP 2043W, BTP 2070W, and BTP 2102W versions all **Description** Uncontrolled Resource Consumption can be exploited to cause the devices to become unresponsive and not accurately update the display content, resulting in a Denial of Service. **Recommendations** For all versions, consider implementing measures to limit resource consumption to prevent the devices from becoming unresponsive. As a temporary workaround, restrict access to the devices until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 81 Thunderbird versions prior to 78.3 Firefox ESR versions prior to 78.3 **Description** The issue allows an attacker to exploit an Open Redirect vulnerability on a website, potentially spoofing the site displayed in the download file dialog. This could make it appear as if the file was downloaded from the original site, rather than the actual site it came from. **Recommendations** For Firefox versions prior to 81, update to version 81 or later. For Thunderbird versions prior to 78.3, update to version 78.3 or later. For Firefox ESR versions prior to 78.3, update to version 78.3 or later.

**Name of the Vulnerable Software and Affected Versions** SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions) SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions) SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions) SIMATIC HMI KTP700F Mobile Arctic (All versions) SIMATIC HMI Mobile Panels 2nd Generation (All versions) SIMATIC WinCC Runtime Advanced (All versions) **Description** A vulnerability has been identified that could allow an attacker to capture plain text communication between the configuration software and the device, potentially gaining access to sensitive information. This is due to unencrypted communication. **Recommendations** For SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants), consider implementing encrypted communication protocols to protect data. For SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants), restrict access to the configuration software to minimize the risk of exploitation. For SIMATIC HMI Comfort Panels (incl. SIPLUS variants), ensure all communication is encrypted to prevent plain text capture. For SIMATIC HMI KTP700F Mobile Arctic, disable any features that rely on unencrypted communication until a secure method is implemented. For SIMATIC HMI Mobile Panels 2nd Generation, limit access to sensitive information by implementing secure authentication and authorization mechanisms. For SIMATIC WinCC Runtime Advanced, update the configuration software to use encrypted communication protocols.

**Name of the Vulnerable Software and Affected Versions** Drupal RESTful module versions 7.x-1.x before 7.x-1.3 **Description** The issue concerns the RESTful module for Drupal, where it fails to properly cache pages for authenticated users when non-cookie authentication providers are used. This allows remote attackers to obtain sensitive information. **Recommendations** For versions prior to 7.x-1.3, update to version 7.x-1.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ctools module versions 7.x-1.x through 7.x-1.6 **Description** The issue allows remote attackers to obtain sensitive node titles. This can be achieved through an autocomplete search on custom entities without an access query tag or by leveraging knowledge of the ID of an entity. **Recommendations** For ctools module versions 7.x-1.x through 7.x-1.6, update to version 7.x-1.7 or later to resolve the issue.