The Industrial

**Name of the Vulnerable Software and Affected Versions** ZGR TPS200 NG version 2.00 firmware and 1.01 hardware **Description** The issue allows an attacker with access to the network where the affected asset is located to operate and change several parameters without having to be registered as a user on the web that owns the device. This is due to the device not properly accepting specially constructed requests. **Recommendations** For ZGR TPS200 NG version 2.00 firmware and 1.01 hardware, consider restricting access to the device's network to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability to change parameters without proper user registration. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ZGR TPS200 NG version 2.00 (firmware) and version 1.01 (hardware) **Description** The firmware upload process in the affected device does not have restrictions, allowing an attacker to modify the firmware and re-upload it via the web with malicious modifications. This can render the device unusable. **Recommendations** For ZGR TPS200 NG version 2.00 (firmware) and version 1.01 (hardware), consider restricting access to the firmware upload process via the web to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ZGR TPS200 NG version 2.00 firmware and 1.01 hardware **Description** The issue allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system. **Recommendations** For ZGR TPS200 NG version 2.00 firmware and 1.01 hardware, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ZGR TPS200 NG version 2.00 **Description** The issue allows a remote attacker to perform actions with the permissions of a victim user, given that the victim has an active session and triggers a malicious request. **Recommendations** For ZGR TPS200 NG version 2.00, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 (affected versions not specified) **Description** The issue is related to a Denial-of-Service condition where the communication protocols and device access lack authentication measures. Remote attackers can exploit this by sending specially crafted IP packets to cause a denial of service on the PLC's network communication module, effectively stopping all network communication. The automation task remains unaffected. To restore network connectivity, the device must be restarted. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.