Tal Keren

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 133.0.6943.126 **Description** The issue allows a remote attacker to potentially exploit heap corruption via a crafted web app, due to a use after free in the Network component. The severity of this issue is classified as Medium by Chromium. **Recommendations** For versions prior to 133.0.6943.126, update to version 133.0.6943.126 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted web apps to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation Studio 5000 Logix Designer (all versions) ControlLogix 5580 (affected versions not specified) GuardLogix 5580 (affected versions not specified) CompactLogix 5380 (affected versions not specified) CompactLogix 5480 (affected versions not specified) Compact GuardLogix 5380 (affected versions not specified) **Description** The issue is related to incorrect code generation management in the programmable logic controllers' firmware. An attacker with administrator access on a workstation running Studio 5000 Logix Designer could inject controller code that is undetectable to a user. This could allow an attacker to embed controller code that a user cannot detect. **Recommendations** For Rockwell Automation Studio 5000 Logix Designer, restrict access to administrator privileges on workstations to minimize the risk of exploitation. For ControlLogix 5580, consider disabling code injection functionality until a fix is available. For GuardLogix 5580, restrict access to the controller code generation management module to minimize the risk of exploitation. For CompactLogix 5380, avoid using the code generation feature in the affected firmware until the issue is resolved. For CompactLogix 5480, consider implementing additional security measures to detect and prevent code injection. For Compact GuardLogix 5380, restrict access to the vulnerable code generation management functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation ControlLogix, CompactLogix, and GuardLogix Control systems (affected versions not specified) Rockwell Automation FlexLogix, DriveLogix, and SoftLogix (affected versions not specified) **Description** The issue allows an attacker to modify user program code on certain control systems. This is possible because the Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, enabling an attacker to change one without affecting the other. The vulnerability is related to the possibility of injecting functionality from an untrusted management environment, which can be exploited by a remote attacker to execute arbitrary code by modifying byte code. **Recommendations** For Rockwell Automation ControlLogix, CompactLogix, and GuardLogix Control systems, consider restricting access to the system to prevent unauthorized modification of user program code until a fix is available. For Rockwell Automation FlexLogix, DriveLogix, and SoftLogix, restrict access to the system to minimize the risk of exploitation. As a temporary workaround, consider disabling the modification of user program code functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise versions prior to 7.3.9 Splunk Enterprise versions 8.0 prior to 8.0.9 Splunk Enterprise versions 8.1 prior to 8.1.3 **Description** The issue is related to the lack of validation of a key-value field in the Splunk-to-Splunk protocol, resulting in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium. **Recommendations** For versions prior to 7.3.9, update to version 7.3.9 or later. For versions 8.0 prior to 8.0.9, update to version 8.0.9 or later. For versions 8.1 prior to 8.1.3, update to version 8.1.3 or later. As a partial mitigation and a security best practice, consider securing Splunk forwarding using TLS or a Token to reduce the severity to Medium.