Securekomodo

**Name of the Vulnerable Software and Affected Versions** AMCS Group Trux Waste Management Software versions prior to 7.19.0018.26912 **Description** An issue in the Trux Waste Management Software allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components. This could allow attackers with local network access to take complete control of the application and gain unrestricted access to sensitive ERP databases. **Recommendations** For versions prior to 7.19.0018.26912, update to version 7.19.0018.26912 or later to resolve the issue. As a temporary workaround, consider restricting access to the TxUtilities.dll and TruxUser.cfg components to minimize the risk of exploitation.