Tomer Goldschmidt

**Name of the Vulnerable Software and Affected Versions** (affected versions not specified) **Description** A low privileged remote attacker can upload any file to an arbitrary location due to a missing file check, potentially leading to remote code execution. The issue allows for unrestricted file uploads, which could be exploited to gain unauthorized access or control over the system. The affected system lacks proper validation of uploaded files, enabling an attacker to place malicious code in an arbitrary location. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2025 (affected versions not specified) **Description** A remote attacker with low privileges can upload or overwrite Python scripts. This is achieved through a path traversal of the target filename within a PHP context, leading to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions (affected versions not specified) **Description** A webserver misconfiguration allows an unauthenticated remote attacker to read the source code of PHP modules. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2.3 **Description** The commissioning wizard does not validate if the device is already initialized. This allows an unauthenticated remote attacker to construct HTTP POST requests to set or modify root credentials without authentication. The affected devices are vulnerable to a root credential bypass due to insufficient validation during the commissioning process. The vulnerability enables attackers to gain unauthorized access and control over the device. The API endpoint used for this is a POST request to the commissioning wizard. The `device` is vulnerable to unauthorized modification of root credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** METZ CONNECT EWIO2-M versions prior to 2.2.0 METZ CONNECT Ethernet-IO EWIO2-BM versions prior to 2.2.0 **Description** An unauthenticated remote attacker can execute arbitrary PHP files and gain full access of the affected devices. This allows malicious actors to run malicious scripts without authentication, leading to full control over the device. The vulnerability affects industrial IoT control systems. **Recommendations** METZ CONNECT EWIO2-M versions prior to 2.2.0: Update to version 2.2.0 or later. METZ CONNECT Ethernet-IO EWIO2-BM versions prior to 2.2.0: Update to version 2.2.0 or later.

Name of the Vulnerable Software and Affected Versions: MICROSENS NMP Web+ (affected versions not specified) Description: The issue concerns JSON Web Tokens (JWT) that do not expire in MICROSENS NMP Web+, potentially allowing an attacker to gain access to the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MICROSENS NMP Web+ (affected versions not specified) Description: The issue could allow an unauthenticated attacker to overwrite files and execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MICROSENS NMP Web+ versions prior to 3.3.0 Description: The issue allows an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication. This could potentially lead to full system control. Organizations worldwide remain at risk. Recommendations: For versions prior to 3.3.0, update to version 3.3.0 to fix the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation. Avoid using the `JWT` token in authentication processes until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330 **Description** An issue exists where an attacker could connect to the device's ssh server and utilize the system's components to perform OS command executions. **Recommendations** For Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, consider changing the default `username` and `password` to prevent unauthorized access, and restrict access to the ssh server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A security issue has been identified, allowing for authentication bypass and involving hard-coded security-related constants. The issue is being actively exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Optigo Networks Visual BACnet Capture Tool version 3.1.2rc11 Optigo Visual Networks Capture Tool version 3.1.2rc11 Description: The issue allows an attacker to impersonate the web application service, potentially misleading victim clients. Recommendations: For Optigo Networks Visual BACnet Capture Tool version 3.1.2rc11, consider restricting access to the web application service until a patch is available. For Optigo Visual Networks Capture Tool version 3.1.2rc11, consider restricting access to the web application service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 Description: The issue concerns an exposed web management service that could allow an attacker to bypass authentication measures and gain control over utilities within the products. Recommendations: For Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11, consider disabling the web management service until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Affected products (affected versions not specified) **Description** The Cloud MQTT service of the affected products supports wildcard topic subscription, which could allow an attacker to obtain sensitive information from tapping the service communications. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Device Cloud (affected versions not specified) **Description** The issue concerns a vulnerability in the device cloud RPC command handling process. This vulnerability could allow remote attackers to take control of arbitrary devices connected to the cloud. There is evidence of active exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PLANET Technology switch software (affected versions not specified) **Description** The issue is related to an integer underflow, which can be exploited by an unauthenticated attacker sending a malformed HTTP request. This could potentially allow the attacker to crash the program. The exploitation involves sending a specially crafted HTTP request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

The affected product is susceptible to a stack-based buffer overflow, which can be triggered by an unauthenticated attacker sending a malicious HTTP request. The webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution. An exploit for this issue is available, with more information accessible at the provided links: https://t.co/vmA5nU15rh, https://t.co/KLXSw5zYBS, and https://t.co/Gud8m29Hdc. #cybersecurity #bufferoverflow #remotecodeexecution #webserver #stackbasedbufferoverflow

**Name of the Vulnerable Software and Affected Versions** Planet Switches (affected versions not specified) **Description** The issue exists due to the lack of measures to neutralize special elements in the firmware of PLANET Technology switches. An unauthenticated attacker could send commands through a malicious HTTP request, potentially resulting in remote code execution. This can be achieved by exploiting a command injection vulnerability, allowing attackers to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Product (affected versions not specified) **Description** The issue concerns unrestricted file uploads, which may allow an attacker to remotely execute code. This can potentially lead to an attacker running code from a remote location. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Product (affected versions not specified) **Description** The issue is related to a cross-site scripting attack, which may allow an attacker to bypass authentication and take over admin accounts. This could potentially lead to unauthorized access and control of sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elvaco (affected versions not specified) **Description** The issue arises from insufficiently protected credentials, potentially allowing an attacker to impersonate Elvaco and send false information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.