Thomas Riedmaier

**Name of the Vulnerable Software and Affected Versions** Primavera P6 Enterprise Project Portfolio Management versions 20.12.1.0 through 20.12.21.5 Primavera P6 Enterprise Project Portfolio Management versions 21.12.1.0 through 21.12.20.0 Primavera P6 Enterprise Project Portfolio Management version 22.12.1.0 **Description** The issue is related to improper authorization in the Web Access component of Primavera P6 Enterprise Project Portfolio Management. It allows a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some accessible data, as well as unauthorized read access to a subset of accessible data. **Recommendations** For versions 20.12.1.0 through 20.12.21.5, update to a version that includes the fix for this issue. For versions 21.12.1.0 through 21.12.20.0, update to a version that includes the fix for this issue. For version 22.12.1.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Web Access component until a patch is available.

Name of the Vulnerable Software and Affected Versions: TXOne Networks Portable Inspector version 1.0.0 TXOne Networks Portable Inspector Pro Edition version 1.0.0 Description: The issue is related to improper input validation in the Management Program of TXOne Networks Portable Inspector and Portable Inspector Pro Edition, allowing a remote attacker to crash the management service, resulting in a Denial of Service situation. This situation can be resolved by restarting the management service. Recommendations: For TXOne Networks Portable Inspector version 1.0.0, restart the management service to resolve the Denial of Service situation. For TXOne Networks Portable Inspector Pro Edition version 1.0.0, restart the management service to resolve the Denial of Service situation. As a temporary workaround, consider restarting the management service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SINEC NMS versions prior to V3.0 SP1 **Description** A vulnerability has been identified in the affected application, which contains a database function that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system. The issue is related to the incorrect assignment of permissions for a critical resource, allowing an attacker to record arbitrary data in any location of the host's file system. **Recommendations** For versions prior to V3.0 SP1, update to the latest version immediately to stay protected. As a temporary workaround, consider restricting access to the database function to minimize the risk of exploitation. Avoid using the vulnerable database function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SINEC NMS versions prior to V3.0 **Description** A path traversal vulnerability has been identified in the importCertificate function of the SINEC NMS Control web application. This could allow an authenticated attacker to delete arbitrary certificate files on the drive where SINEC NMS is installed. **Recommendations** For versions prior to V3.0, consider disabling the `importCertificate` function until a patch is available to prevent potential exploitation. Restrict access to the SINEC NMS Control web application to minimize the risk of arbitrary certificate file deletion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PTC Creo Elements/Direct License Server versions 20.7.0.0 and earlier **Description** The PTC Creo Elements/Direct License Server exposes a web interface that can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server. This issue is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code. The vulnerable License Server provides a web interface that can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server. This vulnerability can lead to lateral movement in industrial organizations, and the product is used worldwide, including in critical manufacturing sectors. However, PTC noted that they have no indications and were not aware of this vulnerability being exploited or previously exploited. **Recommendations** For versions 20.7.0.0 and earlier, update to version 20.7.0.1 or later, which includes the patch for this issue. As a temporary workaround, consider restricting access to the License Server's web interface to minimize the risk of exploitation. Avoid using the License Server in an environment where it can be accessed by unauthenticated remote attackers.

**Name of the Vulnerable Software and Affected Versions** SINEC NMS versions prior to V2.0 SP1 **Description** A vulnerability has been identified in the affected application, allowing users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, potentially leading to remote code execution. **Recommendations** For versions prior to V2.0 SP1, update to V2.0 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the TFTP upload functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RUGGEDCOM RST2228 versions prior to V5.9.0 RUGGEDCOM RST2228P versions prior to V5.9.0 **Description** A vulnerability has been identified in the web server of the affected systems, which leaks the MACSEC key in clear text to a logged-in user. This could allow an attacker with low-privileged user credentials to retrieve the MACSEC key and access (decrypt) the ethernet frames sent by authorized recipients. The issue is related to inadequate access control in the Ethernet Frame Handler component of the RUGGEDCOM Ethernet switch microprogram software, which may enable a remote attacker to gain unauthorized access to protected information. **Recommendations** For RUGGEDCOM RST2228 versions prior to V5.9.0, update to version V5.9.0 or later to resolve the issue. For RUGGEDCOM RST2228P versions prior to V5.9.0, update to version V5.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the web server of the affected systems to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RUGGEDCOM i800 RUGGEDCOM i800NC RUGGEDCOM i801 RUGGEDCOM i801NC RUGGEDCOM i802 RUGGEDCOM i802NC RUGGEDCOM i803 RUGGEDCOM i803NC RUGGEDCOM M2100 RUGGEDCOM M2100NC RUGGEDCOM M2200 RUGGEDCOM M2200NC RUGGEDCOM M969 RUGGEDCOM M969NC RUGGEDCOM RMC30 RUGGEDCOM RMC30NC RUGGEDCOM RMC8388 V4.X RUGGEDCOM RMC8388 V5.X RUGGEDCOM RMC8388NC V4.X RUGGEDCOM RMC8388NC V5.X RUGGEDCOM RP110 RUGGEDCOM RP110NC RUGGEDCOM RS1600 RUGGEDCOM RS1600F RUGGEDCOM RS1600FNC RUGGEDCOM RS1600NC RUGGEDCOM RS1600T RUGGEDCOM RS1600TNC RUGGEDCOM RS400 RUGGEDCOM RS400NC RUGGEDCOM RS401 RUGGEDCOM RS401NC RUGGEDCOM RS416 RUGGEDCOM RS416NC RUGGEDCOM RS416NCv2 V4.X RUGGEDCOM RS416NCv2 V5.X RUGGEDCOM RS416P RUGGEDCOM RS416PNC RUGGEDCOM RS416PNCv2 V4.X RUGGEDCOM RS416PNCv2 V5.X RUGGEDCOM RS416Pv2 V4.X RUGGEDCOM RS416Pv2 V5.X RUGGEDCOM RS416v2 V4.X RUGGEDCOM RS416v2 V5.X RUGGEDCOM RS8000 RUGGEDCOM RS8000A RUGGEDCOM RS8000ANC RUGGEDCOM RS8000H RUGGEDCOM RS8000HNC RUGGEDCOM RS8000NC RUGGEDCOM RS8000T RUGGEDCOM RS8000TNC RUGGEDCOM RS900 RUGGEDCOM RS900 (32M) V4.X RUGGEDCOM RS900 (32M) V5.X RUGGEDCOM RS900G RUGGEDCOM RS900G (32M) V4.X RUGGEDCOM RS900G (32M) V5.X RUGGEDCOM RS900GNC RUGGEDCOM RS900GNC(32M) V4.X RUGGEDCOM RS900GNC(32M) V5.X RUGGEDCOM RS900GP RUGGEDCOM RS900GPNC RUGGEDCOM RS900L RUGGEDCOM RS900LNC RUGGEDCOM RS900M-GETS-C01 RUGGEDCOM RS900M-GETS-XX RUGGEDCOM RS900M-STND-C01 RUGGEDCOM RS900M-STND-XX RUGGEDCOM RS900MNC-GETS-C01 RUGGEDCOM RS900MNC-GETS-XX RUGGEDCOM RS900MNC-STND-XX RUGGEDCOM RS900MNC-STND-XX-C01 RUGGEDCOM RS900NC RUGGEDCOM RS900NC(32M) V4.X RUGGEDCOM RS900NC(32M) V5.X RUGGEDCOM RS900W RUGGEDCOM RS910 RUGGEDCOM RS910L RUGGEDCOM RS910LNC RUGGEDCOM RS910NC RUGGEDCOM RS910W RUGGEDCOM RS920L RUGGEDCOM RS920LNC RUGGEDCOM RS920W RUGGEDCOM RS930L RUGGEDCOM RS930LNC RUGGEDCOM RS930W RUGGEDCOM RS940G RUGGEDCOM RS940GNC RUGGEDCOM RS969 RUGGEDCOM RS969NC RUGGEDCOM RSG2100 RUGGEDCOM RSG2100 (32M) V4.X RUGGEDCOM RSG2100 (32M) V5.X RUGGEDCOM RSG2100NC RUGGEDCOM RSG2100NC(32M) V4.X RUGGEDCOM RSG2100NC(32M) V5.X RUGGEDCOM RSG2100P RUGGEDCOM RSG2100PNC RUGGEDCOM RSG2200 RUGGEDCOM RSG2200NC RUGGEDCOM RSG2288 V4.X RUGGEDCOM RSG2288 V5.X RUGGEDCOM RSG2288NC V4.X RUGGEDCOM RSG2288NC V5.X RUGGEDCOM RSG2300 V4.X RUGGEDCOM RSG2300 V5.X RUGGEDCOM RSG2300NC V4.X RUGGEDCOM RSG2300NC V5.X RUGGEDCOM RSG2300P V4.X RUGGEDCOM RSG2300P V5.X RUGGEDCOM RSG2300PNC V4.X RUGGEDCOM RSG2300PNC V5.X RUGGEDCOM RSG2488 V4.X RUGGEDCOM RSG2488 V5.X RUGGEDCOM RSG2488NC V4.X RUGGEDCOM RSG2488NC V5.X RUGGEDCOM RSG907R RUGGEDCOM RSG908C RUGGEDCOM RSG909R RUGGEDCOM RSG910C RUGGEDCOM RSG920P V4.X RUGGEDCOM RSG920P V5.X RUGGEDCOM RSG920PNC V4.X RUGGEDCOM RSG920PNC V5.X RUGGEDCOM RSL910 RUGGEDCOM RSL910NC RUGGEDCOM RST2228 RUGGEDCOM RST2228P RUGGEDCOM RST916C RUGGEDCOM RST916P **Description** The web server of the affected devices allows a low-privileged user to access hashes and password salts of all system's users, including admin users. An attacker could use the obtained information to brute force the passwords offline. The vulnerability is related to insufficient access control in the web servers of the RUGGEDCOM Ethernet switches. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** M-Files Classic Web versions before 23.10 M-Files Classic Web LTS Service Release Versions before 23.2 LTS SR4 M-Files Classic Web LTS Service Release Versions before 23.8 LTS SR1 **Description** The issue allows an attacker to execute a script on a user's browser via a stored HTML document. This is a Stored XSS vulnerability. **Recommendations** For M-Files Classic Web versions before 23.10, update to version 23.10 or later. For M-Files Classic Web LTS Service Release Versions before 23.2 LTS SR4, update to 23.2 LTS SR4 or later. For M-Files Classic Web LTS Service Release Versions before 23.8 LTS SR1, update to 23.8 LTS SR1 or later.

**Name of the Vulnerable Software and Affected Versions** SINEC NMS versions prior to V2.0 **Description** A vulnerability has been identified in the affected application, where it assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. **Recommendations** For versions prior to V2.0, update to version V2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the folders containing executable files and libraries to prevent privilege escalation.

**Name of the Vulnerable Software and Affected Versions** SIMATIC PCS 7 versions prior to V9.1 SP2 UC04 SIMATIC S7-PM versions prior to V5.7 SP1 HF1 SIMATIC S7-PM versions prior to V5.7 SP2 HF1 SIMATIC STEP 7 V5 versions prior to V5.7 **Description** A vulnerability has been identified in the affected products, which contain a database management system that could allow remote users with low privileges to use embedded functions of the database, potentially impacting the server. An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server. The issue is related to incorrect code generation management. **Recommendations** For SIMATIC PCS 7 versions prior to V9.1 SP2 UC04, update to V9.1 SP2 UC04 or later. For SIMATIC S7-PM versions prior to V5.7 SP1 HF1, update to V5.7 SP1 HF1 or later. For SIMATIC S7-PM versions prior to V5.7 SP2 HF1, update to V5.7 SP2 HF1 or later. For SIMATIC STEP 7 V5 versions prior to V5.7, update to V5.7 or later.