Stefan Viehböck

Name of the Vulnerable Software and Affected Versions: SIPROTEC 5 6MD84 (CP300) (All versions) SIPROTEC 5 6MD85 (CP200) (All versions) SIPROTEC 5 6MD85 (CP300) (All versions) SIPROTEC 5 6MD86 (CP200) (All versions) SIPROTEC 5 6MD86 (CP300) (All versions) SIPROTEC 5 6MD89 (CP300) (All versions) SIPROTEC 5 6MU85 (CP300) (All versions) SIPROTEC 5 7KE85 (CP200) (All versions) SIPROTEC 5 7KE85 (CP300) (All versions) SIPROTEC 5 7SA82 (CP100) (All versions) SIPROTEC 5 7SA82 (CP150) (All versions) SIPROTEC 5 7SA86 (CP200) (All versions) SIPROTEC 5 7SA86 (CP300) (All versions) SIPROTEC 5 7SA87 (CP200) (All versions) SIPROTEC 5 7SA87 (CP300) (All versions) SIPROTEC 5 7SD82 (CP100) (All versions) SIPROTEC 5 7SD82 (CP150) (All versions) SIPROTEC 5 7SD86 (CP200) (All versions) SIPROTEC 5 7SD86 (CP300) (All versions) SIPROTEC 5 7SD87 (CP200) (All versions) SIPROTEC 5 7SD87 (CP300) (All versions) SIPROTEC 5 7SJ81 (CP100) (All versions) SIPROTEC 5 7SJ81 (CP150) (All versions) SIPROTEC 5 7SJ82 (CP100) (All versions) SIPROTEC 5 7SJ82 (CP150) (All versions) SIPROTEC 5 7SJ85 (CP200) (All versions) SIPROTEC 5 7SJ85 (CP300) (All versions) SIPROTEC 5 7SJ86 (CP200) (All versions) SIPROTEC 5 7SJ86 (CP300) (All versions) SIPROTEC 5 7SK82 (CP100) (All versions) SIPROTEC 5 7SK82 (CP150) (All versions) SIPROTEC 5 7SK85 (CP200) (All versions) SIPROTEC 5 7SK85 (CP300) (All versions) SIPROTEC 5 7SL82 (CP100) (All versions) SIPROTEC 5 7SL82 (CP150) (All versions) SIPROTEC 5 7SL86 (CP200) (All versions) SIPROTEC 5 7SL86 (CP300) (All versions) SIPROTEC 5 7SL87 (CP200) (All versions) SIPROTEC 5 7SL87 (CP300) (All versions) SIPROTEC 5 7SS85 (CP200) (All versions) SIPROTEC 5 7SS85 (CP300) (All versions) SIPROTEC 5 7ST85 (CP200) (All versions) SIPROTEC 5 7ST85 (CP300) (All versions) SIPROTEC 5 7ST86 (CP300) (All versions) SIPROTEC 5 7SX82 (CP150) (All versions) SIPROTEC 5 7SX85 (CP300) (All versions) SIPROTEC 5 7SY82 (CP150) (All versions) SIPROTEC 5 7UM85 (CP300) (All versions) SIPROTEC 5 7UT82 (CP100) (All versions) SIPROTEC 5 7UT82 (CP150) (All versions) SIPROTEC 5 7UT85 (CP200) (All versions) SIPROTEC 5 7UT85 (CP300) (All versions) SIPROTEC 5 7UT86 (CP200) (All versions) SIPROTEC 5 7UT86 (CP300) (All versions) SIPROTEC 5 7UT87 (CP200) (All versions) SIPROTEC 5 7UT87 (CP300) (All versions) SIPROTEC 5 7VE85 (CP300) (All versions) SIPROTEC 5 7VK87 (CP200) (All versions) SIPROTEC 5 7VK87 (CP300) (All versions) SIPROTEC 5 7VU85 (CP300) (All versions) SIPROTEC 5 Compact 7SX800 (CP050) (All versions) Description: The affected devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the entire filesystem of the device. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SIPROTEC 5 6MD84 (CP300) versions prior to V9.90 SIPROTEC 5 6MD85 (CP200) versions prior to V9.90 SIPROTEC 5 6MD85 (CP300) versions prior to V9.90 SIPROTEC 5 6MD86 (CP200) versions prior to V9.90 SIPROTEC 5 6MD86 (CP300) versions prior to V9.90 SIPROTEC 5 6MD89 (CP300) versions prior to V9.90 SIPROTEC 5 6MU85 (CP300) versions prior to V9.90 SIPROTEC 5 7KE85 (CP200) versions prior to V9.90 SIPROTEC 5 7KE85 (CP300) versions prior to V9.90 SIPROTEC 5 7SA82 (CP100) versions prior to V9.90 SIPROTEC 5 7SA82 (CP150) versions prior to V9.90 SIPROTEC 5 7SA86 (CP200) versions prior to V9.90 SIPROTEC 5 7SA86 (CP300) versions prior to V9.90 SIPROTEC 5 7SA87 (CP200) versions prior to V9.90 SIPROTEC 5 7SA87 (CP300) versions prior to V9.90 SIPROTEC 5 7SD82 (CP100) versions prior to V9.90 SIPROTEC 5 7SD82 (CP150) versions prior to V9.90 SIPROTEC 5 7SD86 (CP200) versions prior to V9.90 SIPROTEC 5 7SD86 (CP300) versions prior to V9.90 SIPROTEC 5 7SD87 (CP200) versions prior to V9.90 SIPROTEC 5 7SD87 (CP300) versions prior to V9.90 SIPROTEC 5 7SJ81 (CP100) versions prior to V9.90 SIPROTEC 5 7SJ81 (CP150) versions prior to V9.90 SIPROTEC 5 7SJ82 (CP100) versions prior to V9.90 SIPROTEC 5 7SJ82 (CP150) versions prior to V9.90 SIPROTEC 5 7SJ85 (CP200) versions prior to V9.90 SIPROTEC 5 7SJ85 (CP300) versions prior to V9.90 SIPROTEC 5 7SJ86 (CP200) versions prior to V9.90 SIPROTEC 5 7SJ86 (CP300) versions prior to V9.90 SIPROTEC 5 7SK82 (CP100) versions prior to V9.90 SIPROTEC 5 7SK82 (CP150) versions prior to V9.90 SIPROTEC 5 7SK85 (CP200) versions prior to V9.90 SIPROTEC 5 7SK85 (CP300) versions prior to V9.90 SIPROTEC 5 7SL82 (CP100) versions prior to V9.90 SIPROTEC 5 7SL82 (CP150) versions prior to V9.90 SIPROTEC 5 7SL86 (CP200) versions prior to V9.90 SIPROTEC 5 7SL86 (CP300) versions prior to V9.90 SIPROTEC 5 7SL87 (CP200) versions prior to V9.90 SIPROTEC 5 7SL87 (CP300) versions prior to V9.90 SIPROTEC 5 7SS85 (CP200) versions prior to V9.90 SIPROTEC 5 7SS85 (CP300) versions prior to V9.90 SIPROTEC 5 7ST85 (CP200) versions prior to V9.90 SIPROTEC 5 7ST85 (CP300) versions prior to V9.90 SIPROTEC 5 7ST86 (CP300) versions prior to V9.90 SIPROTEC 5 7SX82 (CP150) versions prior to V9.90 SIPROTEC 5 7SX85 (CP300) versions prior to V9.90 SIPROTEC 5 7SY82 (CP150) versions prior to V9.90 SIPROTEC 5 7UM85 (CP300) versions prior to V9.90 SIPROTEC 5 7UT82 (CP100) versions prior to V9.90 SIPROTEC 5 7UT82 (CP150) versions prior to V9.90 SIPROTEC 5 7UT85 (CP200) versions prior to V9.90 SIPROTEC 5 7UT85 (CP300) versions prior to V9.90 SIPROTEC 5 7UT86 (CP200) versions prior to V9.90 SIPROTEC 5 7UT86 (CP300) versions prior to V9.90 SIPROTEC 5 7UT87 (CP200) versions prior to V9.90 SIPROTEC 5 7UT87 (CP300) versions prior to V9.90 SIPROTEC 5 7VE85 (CP300) versions prior to V9.90 SIPROTEC 5 7VK87 (CP200) versions prior to V9.90 SIPROTEC 5 7VK87 (CP300) versions prior to V9.90 SIPROTEC 5 7VU85 (CP300) versions prior to V9.90 SIPROTEC 5 Compact 7SX800 (CP050) versions prior to V9.90 Description: The affected devices do not properly limit access to a development shell accessible over a physical interface. This could allow an unauthenticated attacker with physical access to the device to execute arbitrary commands on the device. Recommendations: For SIPROTEC 5 6MD84 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 6MD85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 6MD85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 6MD86 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 6MD86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 6MD89 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 6MU85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7KE85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7KE85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SA82 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SA82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SA86 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SA86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SA87 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SA87 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SD82 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SD82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SD86 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SD86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SD87 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SD87 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ81 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ81 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ82 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ86 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SJ86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SK82 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SK82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SK85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SK85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SL82 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SL82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SL86 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SL86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SL87 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SL87 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SS85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SS85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7ST85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7ST85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7ST86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SX82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SX85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7SY82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UM85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT82 (CP100) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT82 (CP150) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT85 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT86 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT86 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT87 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7UT87 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7VE85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7VK87 (CP200) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7VK87 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 7VU85 (CP300) versions prior to V9.90, update to version V9.90 or later. For SIPROTEC 5 Compact 7SX800 (CP050) versions prior to V9.90, update to version V9.90 or later.

**Name of the Vulnerable Software and Affected Versions** SIPROTEC 5 6MD84 (CP300) versions prior to V9.80 SIPROTEC 5 6MD85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 6MD86 (CP300) versions 7.80 through 9.79 SIPROTEC 5 6MD89 (CP300) versions 7.80 through 9.89 SIPROTEC 5 6MU85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7KE85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SA82 (CP100) versions 7.80 and later SIPROTEC 5 7SA82 (CP150) versions prior to V9.80 SIPROTEC 5 7SA86 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SA87 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SD82 (CP100) versions 7.80 and later SIPROTEC 5 7SD82 (CP150) versions prior to V9.80 SIPROTEC 5 7SD86 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SD87 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SJ81 (CP100) versions 7.80 and later SIPROTEC 5 7SJ81 (CP150) versions prior to V9.80 SIPROTEC 5 7SJ82 (CP100) versions 7.80 and later SIPROTEC 5 7SJ82 (CP150) versions prior to V9.80 SIPROTEC 5 7SJ85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SJ86 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SK82 (CP100) versions 7.80 and later SIPROTEC 5 7SK82 (CP150) versions prior to V9.80 SIPROTEC 5 7SK85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SL82 (CP100) versions 7.80 and later SIPROTEC 5 7SL82 (CP150) versions prior to V9.80 SIPROTEC 5 7SL86 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SL87 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7SS85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7ST85 (CP300) versions prior to V9.80 SIPROTEC 5 7ST86 (CP300) versions prior to V9.80 SIPROTEC 5 7SX82 (CP150) versions prior to V9.80 SIPROTEC 5 7SX85 (CP300) versions prior to V9.80 SIPROTEC 5 7SY82 (CP150) versions prior to V9.80 SIPROTEC 5 7UM85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7UT82 (CP100) versions 7.80 and later SIPROTEC 5 7UT82 (CP150) versions prior to V9.80 SIPROTEC 5 7UT85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7UT86 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7UT87 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7VE85 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7VK87 (CP300) versions 7.80 through 9.79 SIPROTEC 5 7VU85 (CP300) versions prior to V9.80 SIPROTEC 5 Compact 7SX800 (CP050) versions prior to V9.80 **Description** The affected devices do not properly limit the path accessible via their webserver, allowing an authenticated remote attacker to read arbitrary files from the filesystem of affected devices. **Recommendations** For SIPROTEC 5 6MD84 (CP300) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 6MD85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 6MD86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 6MD89 (CP300) versions 7.80 through 9.89, update to version V9.90 or later. For SIPROTEC 5 6MU85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7KE85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SA82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7SA82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SA86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SA87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SD82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7SD82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SD86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SD87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SJ81 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7SJ81 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SJ82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7SJ82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SJ85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SJ86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SK82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7SK82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SK85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SL82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7SL82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SL86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SL87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7SS85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7ST85 (CP300) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7ST86 (CP300) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SX82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SX85 (CP300) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7SY82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7UM85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7UT82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available. For SIPROTEC 5 7UT82 (CP150) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 7UT85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7UT86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7UT87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7VE85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7VK87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later. For SIPROTEC 5 7VU85 (CP300) versions prior to V9.80, update to version V9.80 or later. For SIPROTEC 5 Compact 7SX800 (CP050) versions prior to V9.80, update to version V9.80 or later.

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V05.30 Description: A vulnerability has been identified in the CPCI85 Central Processing/Communication devices. The affected devices contain a secure element connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files. Recommendations: For versions prior to V05.30, consider restricting physical access to the SPI bus as a temporary mitigation measure until a patch is available. Additionally, avoid using the secure element for authentication until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.40 SICORE Base system versions prior to V1.4.0 Description: A vulnerability has been identified that allows a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. The issue is related to the lack of authentication for a critical function, which can be exploited by a remote attacker to lower the device's firmware version. Recommendations: For CPCI85 Central Processing/Communication versions prior to V5.40, update to version V5.40 or later to resolve the issue. For SICORE Base system versions prior to V1.4.0, update to version V1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the devices and limiting remote access to authenticated users only until a patch is applied.

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.30 SICORE Base system versions prior to V1.3.0 Description: A command injection vulnerability exists due to missing server-side input sanitation in the web interface of affected devices. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. Recommendations: For CPCI85 Central Processing/Communication versions prior to V5.30, update to version V5.30 or later. For SICORE Base system versions prior to V1.3.0, update to version V1.3.0 or later. As a temporary workaround, consider restricting access to the web interface of affected devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CP-8031 MASTER MODULE versions prior to CPCI85 V05 CP-8050 MASTER MODULE versions prior to CPCI85 V05 **Description** A vulnerability has been identified that involves an exposed UART console login interface. This issue could allow an attacker with direct physical access to attempt bruteforcing or cracking the root password to gain login access to the device. The vulnerability is related to the web server software of the Siemens SICAM processor control modules, specifically affecting the CP-8031 and CP-8050 models. Exploitation of this vulnerability may enable an attacker to elevate their privileges to the root level. **Recommendations** For CP-8031 MASTER MODULE versions prior to CPCI85 V05, consider restricting physical access to the device to prevent potential bruteforcing or password cracking attempts until a patch or update is available. For CP-8050 MASTER MODULE versions prior to CPCI85 V05, consider restricting physical access to the device to prevent potential bruteforcing or password cracking attempts until a patch or update is available. As a temporary workaround, consider disabling the UART console login interface on both CP-8031 and CP-8050 MASTER MODULEs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CP-8031 MASTER MODULE versions prior to CPCI85 V05 CP-8050 MASTER MODULE versions prior to CPCI85 V05 **Description** A vulnerability has been identified that involves the use of hard-coded credentials in the firmware of the affected devices. This could allow an attacker with direct physical access to exploit the vulnerability for UART console login to the device, potentially leading to privilege escalation. **Recommendations** For CP-8031 MASTER MODULE versions prior to CPCI85 V05, update to version CPCI85 V05 or later to resolve the issue. For CP-8050 MASTER MODULE versions prior to CPCI85 V05, update to version CPCI85 V05 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the devices until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** CP-8031 MASTER MODULE versions prior to CPCI85 V05 CP-8050 MASTER MODULE versions prior to CPCI85 V05 **Description** A vulnerability has been identified in the web interface of affected devices due to missing server-side input sanitation, making it vulnerable to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. **Recommendations** For CP-8031 MASTER MODULE versions prior to CPCI85 V05, update to version CPCI85 V05 or later to resolve the issue. For CP-8050 MASTER MODULE versions prior to CPCI85 V05, update to version CPCI85 V05 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface of affected devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CP-8031 MASTER MODULE versions prior to CPCI85 V05 CP-8050 MASTER MODULE versions prior to CPCI85 V05 **Description** The issue is related to insufficient argument checking in the web server of the Siemens SICAM CP-8031 and CP-8050 processor control modules. This can be exploited by a remote attacker to execute arbitrary commands via the web server port 443/tcp if the `Remote Operation` parameter is enabled. By default, the `Remote Operation` parameter is disabled. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device. **Recommendations** For CP-8031 MASTER MODULE versions prior to CPCI85 V05, update to version CPCI85 V05 or later to resolve the issue. For CP-8050 MASTER MODULE versions prior to CPCI85 V05, update to version CPCI85 V05 or later to resolve the issue. As a temporary workaround, consider disabling the `Remote Operation` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** jefferson versions prior to 0.4.1 **Description** A path traversal issue affects jefferson's JFFS2 filesystem extractor. Attackers can craft malicious JFFS2 files to force jefferson to write outside of the extraction directory. **Recommendations** For versions prior to 0.4.1, update to version 0.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the JFFS2 filesystem extractor until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Barracuda CloudGen WAN versions prior to 8 webui-sdwan-1089-8.3.1-174141891 **Description** The vulnerability is related to insufficient protection of the web interface structure in Barracuda CloudGen WAN when handling the `/ajax/update certificate` endpoint. Exploitation of this issue may allow a remote attacker to execute arbitrary commands by sending specially crafted HTTP requests. For example, a `name` field can contain `:password` and a `password` field can contain shell metacharacters. **Recommendations** For versions prior to 8 webui-sdwan-1089-8.3.1-174141891, update to version 8 webui-sdwan-1089-8.3.1-174141891 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/ajax/update certificate` endpoint until a patch is available. Avoid using the `name` and `password` fields in the affected API endpoint with potentially malicious input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Technicolor C2000T and C2100T (affected versions not specified) **Description** The issue concerns the use of hard-coded cryptographic keys in the devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server (affected versions not specified) **Description** The issue allows an attacker to use an undocumented user account `default` with its default password to login to XMeye and access or view video streams. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ADB broadband gateways / routers based on the Epicentro platform (affected versions not specified) **Description** A privilege escalation issue affects the devices, allowing attackers to access the command line interface (CLI) if it was previously disabled by the ISP, escalate privileges, and conduct further attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libmtk (MediaTek SDK) versions (affected versions not specified) **Description** The issue is related to weaknesses in the authentication procedure of the http module for libmtk, which is used in WiMAX routers based on the MediaTek SDK. This allows a remote attacker to bypass authentication and gain administrator access to the device. The exploitation involves sending a specially crafted POST request to the `commit2.cgi` script with a new password in the `ADMIN POST` parameter, effectively changing the administrator password. **Recommendations** For libmtk (MediaTek SDK), at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `commit2.cgi` script to minimize the risk of exploitation. Avoid using the `ADMIN POST` parameter in the affected POST request until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** KCodes NetUSB module for the Linux kernel (affected versions not specified) **Description** The issue is caused by a stack-based buffer overflow in the `run init sbus` function of the NetUSB driver. This can be exploited by a remote attacker using a specially crafted TCP packet containing a long computer name (at least 64 bytes) to execute arbitrary code. The vulnerability can be triggered through a session on TCP port 20005. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-LINK Archer C5 versions 1.2 with firmware before 150317 TP-LINK Archer C7 version 2.0 with firmware before 150304 TP-LINK Archer C8 version 1.0 with firmware before 150316 TP-LINK Archer C9 version 1.0 TP-LINK TL-WDR3500 version 1.0 with firmware before 150302 TP-LINK TL-WDR3600 version 1.0 with firmware before 150302 TP-LINK TL-WDR4300 version 1.0 with firmware before 150302 TP-LINK TL-WR740N version 5.0 with firmware before 150312 TP-LINK TL-WR741ND version 5.0 with firmware before 150312 TP-LINK TL-WR841N versions 9.0 through 10.0 with firmware before 150310 TP-LINK TL-WR841ND versions 9.0 through 10.0 with firmware before 150310 **Description** The issue is related to a directory traversal vulnerability that allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH INFO to "login/". This can be exploited to bypass authentication procedures and read or write arbitrary files in the system. The vulnerability is due to incorrect restriction of the path name to a directory with limited access. **Recommendations** For TP-LINK Archer C5 version 1.2, update the firmware to version 150317 or later. For TP-LINK Archer C7 version 2.0, update the firmware to version 150304 or later. For TP-LINK Archer C8 version 1.0, update the firmware to version 150316 or later. For TP-LINK Archer C9 version 1.0, update the firmware to a version that addresses the issue. For TP-LINK TL-WDR3500 version 1.0, update the firmware to version 150302 or later. For TP-LINK TL-WDR3600 version 1.0, update the firmware to version 150302 or later. For TP-LINK TL-WDR4300 version 1.0, update the firmware to version 150302 or later. For TP-LINK TL-WR740N version 5.0, update the firmware to version 150312 or later. For TP-LINK TL-WR741ND version 5.0, update the firmware to version 150312 or later. For TP-LINK TL-WR841N versions 9.0 through 10.0, update the firmware to version 150310 or later. For TP-LINK TL-WR841ND versions 9.0 through 10.0, update the firmware to version 150310 or later. As a temporary workaround, consider restricting access to the "login/" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Symantec Critical System Protection (SCSP) versions 5.2.9 through MP6 Symantec Data Center Security: Server Advanced (SDCS:SA) versions 6.0.x through 6.0 MP1 **Description** A cross-site scripting (XSS) issue exists in the ajaxswing webui component of the Management Console server. This allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Symantec Critical System Protection (SCSP) versions 5.2.9 through MP6, update to a version later than MP6 to resolve the issue. For Symantec Data Center Security: Server Advanced (SDCS:SA) versions 6.0.x through 6.0 MP1, update to a version later than 6.0 MP1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** VDG Security SENSE (formerly DIVA) version 2.3.13 **Description** The issue allows remote attackers to gain login access by leveraging knowledge of a password hash, as the system performs authentication with a password hash instead of a password. **Recommendations** For VDG Security SENSE (formerly DIVA) version 2.3.13, consider updating to a version that performs authentication with passwords instead of password hashes to prevent remote attackers from gaining login access by leveraging knowledge of a password hash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.