T. Weber

**Name of the Vulnerable Software and Affected Versions** port util.php (affected versions not specified) **Description** An XSS issue exists in the `port util.php` file. An unauthenticated remote attacker can potentially trick an authenticated user into clicking a malicious link, allowing the attacker to modify device configuration parameters accessible through the web-based management interface (WBM). The session cookie is protected by the httpOnly flag, preventing session hijacking. The issue does not grant access to system-level resources or privileged functions. The attack involves manipulating parameters available via the web interface. The API endpoint involved is not specified. The vulnerable parameter is not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pxc PortCfg.php (affected versions not specified) **Description** An XSS issue exists in the pxc PortCfg.php file. An unauthenticated remote attacker can potentially trick an authenticated user into clicking a malicious link, allowing the attacker to modify device configuration parameters accessible through the web-based management interface. The vulnerability does not grant access to system-level resources or privileged functions. The session cookie is protected by the httpOnly flag, preventing session hijacking. The attack requires a user to click a link provided by the attacker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pxc Dot1xCfg.php (affected versions not specified) **Description** An XSS issue exists in pxc Dot1xCfg.php that allows an unauthenticated remote attacker to potentially manipulate an authenticated user into clicking a malicious link. This could lead to changes in device configuration parameters accessible through the web-based management interface (WBM). The vulnerability does not grant access to system-level resources or privileged functions. The session cookie is protected by the httpOnly flag, preventing session hijacking. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pxc portSecCfg.php (affected versions not specified) **Description** An XSS vulnerability exists in the pxc portSecCfg.php file. An unauthenticated remote attacker can exploit this to manipulate an authenticated user into sending a crafted POST request to the device. This allows modification of parameters accessible through the web-based management interface (WBM). The vulnerability’s impact is limited to device configuration parameters within the web application’s context and does not grant access to system-level resources or privileged functions. The session cookie is protected by the httpOnly flag, preventing session hijacking. The vulnerable file is `pxc portSecCfg.php`. The attack involves manipulating a POST request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pxc vlanIntfCfg.php (affected versions not specified) **Description** An XSS issue exists in `pxc vlanIntfCfg.php`. An unauthenticated remote attacker can manipulate an authenticated user into sending a crafted POST request to the device, potentially altering parameters accessible through the web-based management interface (WBM). The vulnerability’s impact is limited to device configuration parameters within the web application’s context and does not grant access to system-level resources or privileged functions. The session cookie is protected by the httpOnly flag, preventing session hijacking. The vulnerable file is `pxc vlanIntfCfg.php` and the attack involves manipulating a POST request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2025-41745 **Description** An XSS issue exists in the `pxc portCntr2.php` file. An unauthenticated remote attacker can manipulate an authenticated user into sending a crafted POST request to the device, potentially altering parameters accessible through the web-based management interface (WBM). The vulnerability’s impact is limited to device configuration parameters within the web application’s scope and does not grant access to system-level resources or privileged functions. The session cookie is protected by the httpOnly flag, preventing session hijacking. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to the fix for CVE-2025-41752 **Description** An XSS vulnerability exists in the `pxc portSfp.php` file. An unauthenticated remote attacker can exploit this to trick an authenticated user into clicking a malicious link, potentially altering device configuration parameters accessible through the web-based management interface (WBM). The vulnerability does not grant access to system-level resources or privileged functions. The session cookie is protected by the httpOnly flag, preventing session hijacking. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageIO (affected versions not specified) **Description** An issue exists in ImageIO that could allow for arbitrary code execution through maliciously crafted images. This issue was actively exploited. The vulnerability does not provide access to system-level resources or privileged functions, but allows execution of code via images. An estimated number of affected devices is not available. The session cookie is secured by the httpOnly Flag. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Riello Netman 204 versions through 4.05 Description: The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device. Recommendations: For versions through 4.05, update the software to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Riello Netman 204 versions through 4.05 Description: The issue is related to improper neutralization of special elements, resulting in a SQL Injection vulnerability. This vulnerability is limited to the SQLite database of measurement data. Recommendations: For versions through 4.05, patch the system immediately and review logs for signs of compromise. Prioritize patching on all affected systems. As a temporary workaround, consider restricting access to the SQLite database of measurement data until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PerkinElmer ProcessPlus versions through 1.11.6507.0 **Description** The issue is related to the use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows, allowing an attacker to login and potentially remove data on all prone installations. **Recommendations** For PerkinElmer ProcessPlus versions through 1.11.6507.0, consider changing the hard-coded MSSQL credentials to secure ones as a temporary workaround, until a patch is available. Restrict access to the MSSQL database to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PerkinElmer ProcessPlus versions through 1.11.6507.0 **Description** The issue allows an attacker to spawn a remote shell on the Windows system due to execution with unnecessary privileges in PerkinElmer ProcessPlus. **Recommendations** For versions through 1.11.6507.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PerkinElmer ProcessPlus versions through 1.11.6507.0 **Description** The issue is related to a local file inclusion in PerkinElmer ProcessPlus, allowing files on the Windows system to be accessible without authentication to external parties. **Recommendations** For versions through 1.11.6507.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SEH Computertechnik utnserver Pro versions prior to 20.1.23 SEH Computertechnik utnserver ProMAX versions prior to 20.1.23 SEH Computertechnik INU-100 versions prior to 20.1.23 Description: The issue is related to missing input validation in the web-interface of the affected devices, allowing stored Cross-Site Scripting (XSS). This can be exploited by attackers to inject malicious scripts into the web-interface. Recommendations: For SEH Computertechnik utnserver Pro versions prior to 20.1.23, update to version 20.1.23 to stay secure. For SEH Computertechnik utnserver ProMAX versions prior to 20.1.23, update to version 20.1.23 to stay secure. For SEH Computertechnik INU-100 versions prior to 20.1.23, update to version 20.1.23 to stay secure.

Name of the Vulnerable Software and Affected Versions: utnserver Pro versions 20.1.22 and below utnserver ProMAX versions 20.1.22 and below INU-100 versions 20.1.22 and below Description: The issue is related to missing input validation and OS command integration in the web-interface of the affected products, allowing authenticated command injection. Recommendations: For utnserver Pro versions 20.1.22 and below, update to a version above 20.1.22 to resolve the issue. For utnserver ProMAX versions 20.1.22 and below, update to a version above 20.1.22 to resolve the issue. For INU-100 versions 20.1.22 and below, update to a version above 20.1.22 to resolve the issue. As a temporary workaround, consider restricting access to the web-interface of the affected products until a patch is available.

Name of the Vulnerable Software and Affected Versions: SEH Computertechnik utnserver Pro versions 20.1.22 and below SEH Computertechnik utnserver ProMAX versions 20.1.22 and below SEH Computertechnik INU-100 versions 20.1.22 and below Description: An uncontrolled resource consumption of file descriptors in the affected software allows a denial of service (DoS) via HTTP. Recommendations: For versions 20.1.22 and below of utnserver Pro, utnserver ProMAX, and INU-100, consider restricting access to HTTP endpoints to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling HTTP services on the affected devices until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IAP-420 versions 2.01e and below **Description** The issue is related to missing input validation in the ORing IAP-420 web-interface, which allows stored Cross-Site Scripting (XSS). This problem is being actively exploited. **Recommendations** For IAP-420 versions 2.01e and below, update to a version above 2.01e to resolve the issue. As a temporary workaround, consider restricting access to the web-interface to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: IAP-420 versions 2.01e and below Description: The issue is related to missing input validation and OS command integration in the IAP-420 web-interface, allowing authenticated command injection. Recommendations: For IAP-420 versions 2.01e and below, consider disabling access to the web-interface until a patch is available. As a temporary workaround, restrict access to the vulnerable web-interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHOENIX CONTACT TC ROUTER versions prior to 2.07.2 PHOENIX CONTACT TC CLOUD CLIENT versions prior to 2.07.2 PHOENIX CONTACT CLOUD CLIENT 1101T-TX/TX versions prior to 2.06.10 **Description** The issue allows an unauthenticated remote attacker to use a reflective XSS within the license viewer page of the devices to execute code in the context of the user's browser. This is due to the lack of protection measures for the web page structure. **Recommendations** For PHOENIX CONTACT TC ROUTER versions prior to 2.07.2, update to version 2.07.2 or later. For PHOENIX CONTACT TC CLOUD CLIENT versions prior to 2.07.2, update to version 2.07.2 or later. For PHOENIX CONTACT CLOUD CLIENT 1101T-TX/TX versions prior to 2.06.10, update to version 2.06.10 or later. As a temporary workaround, consider restricting access to the license viewer page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHOENIX CONTACT TC ROUTER versions prior to 2.07.2 PHOENIX CONTACT TC CLOUD CLIENT versions prior to 2.07.2 PHOENIX CONTACT CLOUD CLIENT 1101T-TX/TX versions prior to 2.06.10 **Description** The issue is related to the incorrect restriction of XML links to external objects in PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT. An authenticated remote attacker with admin privileges could upload a crafted XML file, causing a denial-of-service. **Recommendations** For PHOENIX CONTACT TC ROUTER versions prior to 2.07.2, update to version 2.07.2 or later. For PHOENIX CONTACT TC CLOUD CLIENT versions prior to 2.07.2, update to version 2.07.2 or later. For PHOENIX CONTACT CLOUD CLIENT 1101T-TX/TX versions prior to 2.06.10, update to version 2.06.10 or later.