Sangjun Park

**Name of the Vulnerable Software and Affected Versions** Jungo WinDriver versions prior to 12.2.0 **Description** The issue is related to improper privilege management, allowing local attackers to escalate privileges and execute arbitrary code. **Recommendations** For versions prior to 12.2.0, update to version 12.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jungo WinDriver versions 6.0.0 through 16.1.0 **Description** The issue is related to improper privilege management, allowing local attackers to escalate privileges and execute arbitrary code. **Recommendations** For Jungo WinDriver versions 6.0.0 through 16.1.0, update to a version that includes a fix for the improper privilege management issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jungo WinDriver versions prior to 12.5.1 **Description** The issue is related to improper privilege management, allowing local attackers to escalate privileges and execute arbitrary code. This can be exploited by attackers to gain elevated access and perform malicious actions. **Recommendations** For versions prior to 12.5.1, update to version 12.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources and implementing additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jungo WinDriver versions prior to 12.7.0 **Description** A Denial of Service (DoS) issue allows local attackers to cause a Windows blue screen error. **Recommendations** For versions prior to 12.7.0, update to version 12.7.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jungo WinDriver versions prior to 12.1.0 **Description** The issue is related to improper privilege management, allowing local attackers to escalate privileges and execute arbitrary code. This can be exploited by local attackers. **Recommendations** For versions prior to 12.1.0, update to version 12.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jungo WinDriver versions prior to 12.1.0 **Description** A Denial of Service (DoS) issue allows local attackers to cause a Windows blue screen error. **Recommendations** For versions prior to 12.1.0, update to version 12.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jungo WinDriver versions prior to 12.1.0 **Description** The issue allows local attackers to cause a Windows blue screen error and Denial of Service (DoS) due to an Out-of-Bounds Write vulnerability. **Recommendations** For versions prior to 12.1.0, update to version 12.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jungo WinDriver versions prior to 12.6.0 **Description** A Denial of Service (DoS) issue allows local attackers to cause a Windows blue screen error. **Recommendations** For versions prior to 12.6.0, update to version 12.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jungo WinDriver versions prior to 12.6.0 **Description** The issue allows local attackers to cause a Windows blue screen error and Denial of Service (DoS) due to an Out-of-Bounds Write vulnerability. **Recommendations** For versions prior to 12.6.0, update to version 12.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jungo WinDriver versions prior to 12.5.1 **Description** The issue allows local attackers to cause a Windows blue screen error and Denial of Service (DoS) due to an Out-of-Bounds Write vulnerability. **Recommendations** For versions prior to 12.5.1, update to version 12.5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jungo WinDriver versions prior to 12.5.1 **Description** A Denial of Service (DoS) issue allows local attackers to cause a Windows blue screen error. **Recommendations** For versions prior to 12.5.1, update to version 12.5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jungo WinDriver versions prior to 12.5.1 **Description** The issue is related to improper privilege management, allowing local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS). **Recommendations** For versions prior to 12.5.1, update to version 12.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Security Configuration Tool (SCT) versions prior to V5.0 SP2 SIMATIC Automation Tool versions prior to V5.0 SP2 SIMATIC BATCH V9.1 versions prior to V9.1 SP2 Upd5 SIMATIC NET PC Software V16 versions prior to V16 Update 8 SIMATIC NET PC Software V17 versions prior to the latest version SIMATIC NET PC Software V18 versions prior to V18 SP1 SIMATIC NET PC Software V19 versions prior to V19 Update 2 SIMATIC PCS 7 V9.1 versions prior to V9.1 SP2 UC05 SIMATIC PDM V9.2 versions prior to V9.2 SP2 Upd3 SIMATIC Route Control V9.1 versions prior to V9.1 SP2 Upd3 SIMATIC S7-PCT versions prior to V3.5 SP3 Update 6 SIMATIC STEP 7 V5 versions prior to V5.7 SP3 SIMATIC WinCC OA V3.17 versions prior to the latest version SIMATIC WinCC OA V3.18 versions prior to V3.18 P025 SIMATIC WinCC OA V3.19 versions prior to V3.19 P010 SIMATIC WinCC Runtime Advanced versions prior to V17 Update 8 SIMATIC WinCC Runtime Professional V16 versions prior to V16 Update 6 SIMATIC WinCC Runtime Professional V17 versions prior to V17 Update 8 SIMATIC WinCC Runtime Professional V18 versions prior to V18 Update 4 SIMATIC WinCC Runtime Professional V19 versions prior to V19 Update 2 SIMATIC WinCC V7.4 versions prior to the latest version SIMATIC WinCC V7.5 versions prior to V7.5 SP2 Update 17 SIMATIC WinCC V8.0 versions prior to V8.0 Update 5 SINAMICS Startdrive versions prior to V19 SP1 SINEC NMS versions prior to V3.0 SP1 SINUMERIK ONE virtual versions prior to V6.23 SINUMERIK PLC Programming Tool versions prior to V3.3.12 TIA Portal Cloud Connector versions prior to V2.0 Totally Integrated Automation Portal (TIA Portal) V15.1 versions prior to the latest version Totally Integrated Automation Portal (TIA Portal) V16 versions prior to the latest version Totally Integrated Automation Portal (TIA Portal) V17 versions prior to V17 Update 8 Totally Integrated Automation Portal (TIA Portal) V18 versions prior to V18 Update 4 Totally Integrated Automation Portal (TIA Portal) V19 versions prior to V19 Update 2 **Description** The issue is related to an out of bounds read vulnerability in the affected applications. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel. The vulnerability is associated with reading beyond the boundaries of memory, which may lead to a denial of service. **Recommendations** For Security Configuration Tool (SCT) versions prior to V5.0 SP2, update to V5.0 SP2 or later. For SIMATIC Automation Tool versions prior to V5.0 SP2, update to V5.0 SP2 or later. For SIMATIC BATCH V9.1 versions prior to V9.1 SP2 Upd5, update to V9.1 SP2 Upd5 or later. For SIMATIC NET PC Software V16 versions prior to V16 Update 8, update to V16 Update 8 or later. For SIMATIC NET PC Software V17, update to the latest version. For SIMATIC NET PC Software V18 versions prior to V18 SP1, update to V18 SP1 or later. For SIMATIC NET PC Software V19 versions prior to V19 Update 2, update to V19 Update 2 or later. For SIMATIC PCS 7 V9.1 versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later. For SIMATIC PDM V9.2 versions prior to V9.2 SP2 Upd3, update to V9.2 SP2 Upd3 or later. For SIMATIC Route Control V9.1 versions prior to V9.1 SP2 Upd3, update to V9.1 SP2 Upd3 or later. For SIMATIC S7-PCT versions prior to V3.5 SP3 Update 6, update to V3.5 SP3 Update 6 or later. For SIMATIC STEP 7 V5 versions prior to V5.7 SP3, update to V5.7 SP3 or later. For SIMATIC WinCC OA V3.17, update to the latest version. For SIMATIC WinCC OA V3.18 versions prior to V3.18 P025, update to V3.18 P025 or later. For SIMATIC WinCC OA V3.19 versions prior to V3.19 P010, update to V3.19 P010 or later. For SIMATIC WinCC Runtime Advanced versions prior to V17 Update 8, update to V17 Update 8 or later. For SIMATIC WinCC Runtime Professional V16 versions prior to V16 Update 6, update to V16 Update 6 or later. For SIMATIC WinCC Runtime Professional V17 versions prior to V17 Update 8, update to V17 Update 8 or later. For SIMATIC WinCC Runtime Professional V18 versions prior to V18 Update 4, update to V18 Update 4 or later. For SIMATIC WinCC Runtime Professional V19 versions prior to V19 Update 2, update to V19 Update 2 or later. For SIMATIC WinCC V7.4, update to the latest version. For SIMATIC WinCC V7.5 versions prior to V7.5 SP2 Update 17, update to V7.5 SP2 Update 17 or later. For SIMATIC WinCC V8.0 versions prior to V8.0 Update 5, update to V8.0 Update 5 or later. For SINAMICS Startdrive versions prior to V19 SP1, update to V19 SP1 or later. For SINEC NMS versions prior to V3.0 SP1, update to V3.0 SP1 or later. For SINUMERIK ONE virtual versions prior to V6.23, update to V6.23 or later. For SINUMERIK PLC Programming Tool versions prior to V3.3.12, update to V3.3.12 or later. For TIA Portal Cloud Connector versions prior to V2.0, update to V2.0 or later. For Totally Integrated Automation Portal (TIA Portal) V15.1, update to the latest version. For Totally Integrated Automation Portal (TIA Portal) V16, update to the latest version. For Totally Integrated Automation Portal (TIA Portal) V17 versions prior to V17 Update 8, update to V17 Update 8 or later. For Totally Integrated Automation Portal (TIA Portal) V18 versions prior to V18 Update 4, update to V18 Update 4 or later. For Totally Integrated Automation Portal (TIA Portal) V19 versions prior to V19 Update 2, update to V19 Update 2 or later.

**Name of the Vulnerable Software and Affected Versions** Windows USB Print Driver (affected versions not specified) **Description** The issue is related to insufficient access restrictions in the Windows USB Print Driver, allowing an attacker to potentially elevate their privileges. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. The vulnerability is described as an elevation-of-privilege issue that can affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows USB Print Driver (affected versions not specified) **Description** The issue is related to an elevation-of-privilege vulnerability in the Windows USB Print Driver, which is caused by insufficient access restrictions. This vulnerability can be exploited by an attacker to gain elevated privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Common Log File System (affected versions not specified) **Description** The issue is related to insufficient access control in the Common Log File System (CLFS) of Windows operating systems. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Blender (affected versions not specified) **Description** The issue is related to an endless infinite loop in Blender's thumbnailing functionality, caused by logical bugs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Blender version 3.3.0 **Description** A flaw was found that may lead to loss of confidentiality and integrity due to a null pointer dereference in the source/blender/gpu/opengl/gl backend.cc file. **Recommendations** For Blender version 3.3.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Blender version 3.3.0 **Description** A flaw in the software may cause an integer overflow in the `blendthumb extract.cc` file, potentially leading to a program crash or memory corruption. Specifically, when a loaded and valid image is crafted to trigger an out-of-bounds read or write when converted to a thumbnail that is flipped vertically, it may cause a crash. **Recommendations** For Blender version 3.3.0, consider avoiding the use of the `blendthumb extract.cc` function until a patch is available, or refrain from converting crafted images to thumbnails to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.