Thomas Weber

**Name of the Vulnerable Software and Affected Versions** CPCI85 Central Processing/Communication versions prior to V26.10 SICORE Base system versions prior to V26.10.0 **Description** An out-of-bounds write issue exists when parsing specially crafted XML inputs. This could allow an unauthenticated attacker to send a malicious XML request, potentially causing a denial-of-service condition by crashing the service. Multiple reports indicate offensive activities targeting these systems. **Recommendations** Update CPCI85 Central Processing/Communication to version 26.10 or later. Update SICORE Base system to version 26.10.0 or later.

**Name of the Vulnerable Software and Affected Versions** CPCI85 Central Processing/Communication versions prior to 26.10 RTUM85 RTU Base versions prior to 26.10 **Description** The affected application contains a denial-of-service (DoS) issue. The remote operation mode is susceptible to resource exhaustion when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality. **Recommendations** Update CPCI85 Central Processing/Communication to version 26.10 or later. Update RTUM85 RTU Base to version 26.10 or later.

Name of the Vulnerable Software and Affected Versions: Riello Netman 204 versions through 4.05 Description: The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device. Recommendations: For versions through 4.05, update the software to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Riello Netman 204 versions through 4.05 Description: The issue is related to improper neutralization of special elements, resulting in a SQL Injection vulnerability. This vulnerability is limited to the SQLite database of measurement data. Recommendations: For versions through 4.05, patch the system immediately and review logs for signs of compromise. Prioritize patching on all affected systems. As a temporary workaround, consider restricting access to the SQLite database of measurement data until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PerkinElmer ProcessPlus versions through 1.11.6507.0 **Description** The issue is related to the use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows, allowing an attacker to login and potentially remove data on all prone installations. **Recommendations** For PerkinElmer ProcessPlus versions through 1.11.6507.0, consider changing the hard-coded MSSQL credentials to secure ones as a temporary workaround, until a patch is available. Restrict access to the MSSQL database to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PerkinElmer ProcessPlus versions through 1.11.6507.0 **Description** The issue allows an attacker to spawn a remote shell on the Windows system due to execution with unnecessary privileges in PerkinElmer ProcessPlus. **Recommendations** For versions through 1.11.6507.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PerkinElmer ProcessPlus versions through 1.11.6507.0 **Description** The issue is related to a local file inclusion in PerkinElmer ProcessPlus, allowing files on the Windows system to be accessible without authentication to external parties. **Recommendations** For versions through 1.11.6507.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SEH Computertechnik utnserver Pro versions 20.1.22 and below SEH Computertechnik utnserver ProMAX versions 20.1.22 and below SEH Computertechnik INU-100 versions 20.1.22 and below Description: An uncontrolled resource consumption of file descriptors in the affected software allows a denial of service (DoS) via HTTP. Recommendations: For versions 20.1.22 and below of utnserver Pro, utnserver ProMAX, and INU-100, consider restricting access to HTTP endpoints to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling HTTP services on the affected devices until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: utnserver Pro versions 20.1.22 and below utnserver ProMAX versions 20.1.22 and below INU-100 versions 20.1.22 and below Description: The issue is related to missing input validation and OS command integration in the web-interface of the affected products, allowing authenticated command injection. Recommendations: For utnserver Pro versions 20.1.22 and below, update to a version above 20.1.22 to resolve the issue. For utnserver ProMAX versions 20.1.22 and below, update to a version above 20.1.22 to resolve the issue. For INU-100 versions 20.1.22 and below, update to a version above 20.1.22 to resolve the issue. As a temporary workaround, consider restricting access to the web-interface of the affected products until a patch is available.

Name of the Vulnerable Software and Affected Versions: SEH Computertechnik utnserver Pro versions prior to 20.1.23 SEH Computertechnik utnserver ProMAX versions prior to 20.1.23 SEH Computertechnik INU-100 versions prior to 20.1.23 Description: The issue is related to missing input validation in the web-interface of the affected devices, allowing stored Cross-Site Scripting (XSS). This can be exploited by attackers to inject malicious scripts into the web-interface. Recommendations: For SEH Computertechnik utnserver Pro versions prior to 20.1.23, update to version 20.1.23 to stay secure. For SEH Computertechnik utnserver ProMAX versions prior to 20.1.23, update to version 20.1.23 to stay secure. For SEH Computertechnik INU-100 versions prior to 20.1.23, update to version 20.1.23 to stay secure.

Name of the Vulnerable Software and Affected Versions: IAP-420 versions 2.01e and below Description: The issue is related to missing input validation and OS command integration in the IAP-420 web-interface, allowing authenticated command injection. Recommendations: For IAP-420 versions 2.01e and below, consider disabling access to the web-interface until a patch is available. As a temporary workaround, restrict access to the vulnerable web-interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IAP-420 versions 2.01e and below **Description** The issue is related to missing input validation in the ORing IAP-420 web-interface, which allows stored Cross-Site Scripting (XSS). This problem is being actively exploited. **Recommendations** For IAP-420 versions 2.01e and below, update to a version above 2.01e to resolve the issue. As a temporary workaround, consider restricting access to the web-interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 **Description** The issue is related to a command injection vulnerability in the device name input field. This vulnerability can be triggered by authenticated users via a crafted POST request to exploit the vulnerability, allowing remote attackers to execute arbitrary commands. The vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command. **Recommendations** For Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21, consider disabling the device name input field until a patch is available to prevent exploitation. Restrict access to the vulnerable input field to minimize the risk of exploitation. Avoid using the device name input field in crafted POST requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 **Description** The issue is related to a command injection vulnerability in the NTP server input field. This vulnerability can be triggered by authenticated users via a crafted POST request, potentially allowing a remote attacker to execute arbitrary code. **Recommendations** For Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21, consider disabling access to the NTP server input field until a patch is available. Restrict access to the vulnerable devices to minimize the risk of exploitation. Avoid using the NTP server input field in the affected devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 **Description** The issue is related to a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. This vulnerability may allow a remote attacker to execute arbitrary code by sending specially formed POST requests. **Recommendations** For Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21, consider disabling access to the vulnerable function until a patch is available. Restrict access to the affected devices to minimize the risk of exploitation. Avoid using the vulnerable API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intelbras WiFiber 120AC inMesh versions before 1-1-220826 **Description** The issue allows command injection by authenticated users. This is demonstrated by the "/boaform/formPing6" and "/boaform/formTracert" URIs for ping and traceroute. **Recommendations** For versions before 1-1-220826, update to version 1-1-220826 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/boaform/formPing6" and "/boaform/formTracert" URIs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics DX-2100-L1-CN version 2.42 **Description** The issue exists due to the lack of neutralization of special elements used in the operating system command by the lform/net diagnose component of the Delta Electronics DX-2100-L1-CN router's firmware. This can allow a remote attacker to execute arbitrary commands. **Recommendations** For Delta Electronics DX-2100-L1-CN version 2.42, as a temporary workaround, consider disabling the `lform/net diagnose` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics DX-2100-L1-CN version 2.42 **Description** The issue is related to Cross Site Scripting (XSS) via `lform/urlfilter`. This means that an attacker could potentially inject malicious scripts into the website, allowing them to steal user data or take control of the user's session. **Recommendations** For Delta Electronics DX-2100-L1-CN version 2.42, as a temporary workaround, consider restricting access to the `lform/urlfilter` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics DVW-W02W2-E2 version 1.5.0.10 **Description** The issue is related to a command injection vulnerability via crafted URLs in the web server of the Delta Electronics DVW-W02W2-E2 device. This vulnerability is due to the failure to neutralize special elements, which can allow a remote attacker to execute arbitrary commands and gain full control of the system by sending specially crafted requests. **Recommendations** For Delta Electronics DVW-W02W2-E2 version 1.5.0.10, consider disabling access to the web server interface until a patch is available to prevent exploitation of the command injection vulnerability. Restrict access to the device to minimize the risk of exploitation. Avoid using crafted URLs that could trigger the command injection vulnerability until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hirschmann BAT-C2 versions prior to 09.13.01.00R04 **Description** The issue is related to insufficient argument checking in the FsCreateDir Ajax function of the Hirschmann BAT-C2's web interface, allowing an authenticated attacker to inject commands. This can be achieved by exploiting the `dir` parameter, enabling the attacker to execute arbitrary commands on the system. **Recommendations** For versions prior to 09.13.01.00R04, update to version 09.13.01.00R04 or later to resolve the issue. As a temporary workaround, consider restricting access to the FsCreateDir Ajax function to minimize the risk of exploitation. Additionally, avoid using the `dir` parameter in the affected function until the issue is resolved.