Tenable

**Name of the Vulnerable Software and Affected Versions** SolarWinds Web Help Desk (affected versions not specified) **Description** A denial-of-service issue exists where exploitation could cause the server to crash due to insufficient memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics COMMGR2 (affected versions not specified) **Description** Delta Electronics COMMGR2 contains a buffer over-read denial-of-service issue. This flaw allows for a denial-of-service condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics COMMGR2 (affected versions not specified) **Description** Delta Electronics COMMGR2 is affected by a stack-based buffer overflow. The issue involves a 64-byte buffer combined with the use of `strcpy`, leading to a lack of bounds checking and potential overflow of more than 64 bytes, which can overwrite the return address and allow for code execution. This allows for remote code execution with no authentication required, posing a significant risk to industrial networks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics DIAView (affected versions not specified) **Description** DIAView contains security issues related to missing authentication for a critical function. Remote attackers may be able to gain unauthorized access to the system by exploiting this flaw. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics DIAView (affected versions not specified) **Description** DIAView, a data collection and process control automation system, contains issues related to security. One issue involves a lack of authentication for a critical function, potentially allowing a remote attacker to gain unauthorized access to the system. Another issue is the use of a hardcoded cryptographic key, which could allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.1 Description: A remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in the registry path HKEY LOCAL MACHINESOFTWAREWOW6432NodeIpswitch. This could allow an attacker to execute arbitrary code. The vulnerability is related to errors in the use of privileged application programming interfaces (API). Recommendations: For versions prior to 2024.0.1, update to version 2024.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the NmAPI.exe to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Secomea GateManager versions prior to 9.4.621054022 Description: The issue allows an authenticated attacker to execute malicious code on the server due to the upload of code without an integrity check in the firmware archive of Secomea GateManager. Recommendations: For versions prior to 9.4.621054022, update to version 9.4.621054022 or later to resolve the issue. As a temporary workaround, consider restricting access to the firmware archive to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Secomea GateManager versions prior to 9.4 Description: A Cross-site Scripting (XSS) issue in the web GUI allows an attacker to inject arbitrary javascript code. Recommendations: For versions prior to 9.4, update to version 9.4 or later to resolve the issue.