Sam Hanson

**Name of the Vulnerable Software and Affected Versions** No specific software or versions mentioned, use: (affected versions not specified) **Description** The issue allows an authenticated user to recover another user's credentials under certain circumstances. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions mentioned **Description** The issue involves unnecessary user details being provided within system logs under certain circumstances. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux (affected versions not specified) **Description** The issue allows an authenticated user to recover a Linux user's credentials under certain circumstances. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions mentioned. **Description** The web interface may accept characters unrelated to the expected input under certain circumstances. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** OPCUAServerToolkit (affected versions not specified) **Description** The issue concerns the logging of client connection events. When an OPC UA client successfully connects, the OPCUAServerToolkit logs a message that includes the client's self-defined description field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KEPServerEX versions (affected versions not specified) ThingWorx Kepware Server versions (affected versions not specified) **Description** The issue is related to an uncontrolled search path element, which could allow a locally authenticated adversary to escalate privileges to SYSTEM. This is a type of DLL hijacking vulnerability. **Recommendations** For KEPServerEX, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For ThingWorx Kepware Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KEPServerEX (affected versions not specified) **Description** The issue is related to insufficient protection of credentials in KEPServerEX, allowing an adversary to capture user credentials due to the web server's use of basic authentication. This could enable a remote attacker to perform a "man-in-the-middle" attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kepware KEPServerEX versions (affected versions not specified) ThingWorx Kepware Server versions (affected versions not specified) **Description** The issue is related to insufficient input validation, which can be exploited by an adversary to gain access to confidential information. This can be achieved by uploading a malicious project file, allowing the adversary to inject a UNC path and capture NLTMv2 hashes, potentially cracking them offline. **Recommendations** For Kepware KEPServerEX, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For ThingWorx Kepware Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KEPServerEX versions (affected versions not specified) ThingWorx Kepware Server versions (affected versions not specified) **Description** The issue is related to an uncontrolled search path element vulnerability, also known as DLL hijacking. This could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, an attacker could host a trojanized version of the software, tricking victims into downloading and installing the malicious version to gain initial access and code execution. **Recommendations** For KEPServerEX, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For ThingWorx Kepware Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Omron CJ1M unit versions 4.0 and prior **Description** The issue is related to improper access controls on the memory region where the UM password is stored. An adversary can issue a PROGRAM AREA WRITE command to a specific memory region, potentially overwriting the password. This could lead to disabling UM protections or setting a non-ASCII password, preventing an engineer from viewing or modifying the user program. **Recommendations** For Omron CJ1M unit versions 4.0 and prior, consider restricting access to the PROGRAM AREA WRITE command to minimize the risk of exploitation. As a temporary workaround, limit the ability to modify the UM password to authorized personnel only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AutomationDirect DirectLOGIC D0-06 series CPUs versions prior to 2.72 **Description** The issue is related to an uncontrolled resource consumption in the communication modules H0-ECOM and H0-ECOM100 Ethernet controllers of DirectLOGIC. An attacker can exploit this by sending a specially crafted packet to cause a denial-of-service condition, preventing access from DirectSoft and other devices. **Recommendations** For AutomationDirect DirectLOGIC D0-06 series CPUs versions prior to 2.72, update to version 2.72 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AutomationDirect DirectLOGIC versions prior to 6.73 AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73 AutomationDirect C-more EA9 EA9-T6CL-R versions prior to 6.73 AutomationDirect C-more EA9 EA9-T7CL versions prior to 6.73 AutomationDirect C-more EA9 EA9-T7CL-R versions prior to 6.73 AutomationDirect C-more EA9 EA9-T8CL versions prior to 6.73 AutomationDirect C-more EA9 EA9-T10CL versions prior to 6.73 AutomationDirect C-more EA9 EA9-T10WCL versions prior to 6.73 AutomationDirect C-more EA9 EA9-T12CL versions prior to 6.73 AutomationDirect C-more EA9 EA9-T15CL versions prior to 6.73 AutomationDirect C-more EA9 EA9-RHMI versions prior to 6.73 AutomationDirect C-more EA9 EA9-PGMSW versions prior to 6.73 **Description** The issue is related to a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This vulnerability is associated with an uncontrolled search path element, which can be exploited to execute arbitrary code. **Recommendations** For AutomationDirect DirectLOGIC versions prior to 6.73, update to version 6.73 or later. For AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73, update to version 6.73 or later. For AutomationDirect C-more EA9 EA9-T6CL-R versions prior to 6.73, update to version 6.73 or later. For AutomationDirect C-more EA9 EA9-T7CL versions prior to 6.73, update to version 6.73 or later. For AutomationDirect C-more EA9 EA9-T7CL-R versions prior to 6.73, update to version 6.73 or later. For AutomationDirect C-more EA9 EA9-T8CL versions prior to 6.73, update to version 6.73 or later. For AutomationDirect C-more EA9 EA9-T10CL versions prior to 6.73, update to version 6.73 or later. For AutomationDirect C-more EA9 EA9-T10WCL versions prior to 6.73, update to version 6.73 or later. For AutomationDirect C-more EA9 EA9-T12CL versions prior to 6.73, update to version 6.73 or later. For AutomationDirect C-more EA9 EA9-T15CL versions prior to 6.73, update to version 6.73 or later. For AutomationDirect C-more EA9 EA9-RHMI versions prior to 6.73, update to version 6.73 or later. For AutomationDirect C-more EA9 EA9-PGMSW versions prior to 6.73, update to version 6.73 or later.

**Name of the Vulnerable Software and Affected Versions** AutomationDirect C-more EA9 versions prior to 6.73 **Description** The issue is related to the insecure mechanism used by the AutomationDirect C-more EA9 HTTP webserver to transport credentials from the client to the web server. This may allow an attacker to obtain the login credentials and login as a valid user. The vulnerability is associated with the transmission of data in an open format, which could allow a remote attacker to disclose protected information. **Recommendations** For versions prior to 6.73, update to version 6.73 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AutomationDirect DirectLOGIC D0-06 series CPUs versions prior to 2.72 **Description** The issue is related to a vulnerability that allows an attacker to access the device and make unauthorized changes by sending a specifically crafted serial message to the CPU serial port, causing the PLC to respond with the PLC password in cleartext. This could enable remote attackers to gain unauthorized access to the device by obtaining the password in response to a specially formed message. **Recommendations** For AutomationDirect DirectLOGIC D0-06 series CPUs versions prior to 2.72, update to version 2.72 or later to resolve the issue. As a temporary workaround, consider restricting access to the CPU serial port to minimize the risk of exploitation.