Tomohisa Hasegawa

**Name of the Vulnerable Software and Affected Versions** WAB-MAT versions 5.0.0.8 and earlier **Description** The issue arises from the software starting another program with an unquoted file path. Given that a registered Windows service path contains spaces and is unquoted, a malicious executable placed on a specific path could be executed with the privilege of the Windows service. **Recommendations** For WAB-MAT versions 5.0.0.8 and earlier, consider quoting the file path of the Windows service to prevent potential exploitation. As a temporary workaround, restrict access to the paths where the malicious executable could be placed to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ELECOM Camera Assistant version 1.00 QuickFileDealer versions 1.2.1 and earlier **Description** The issue is related to an untrusted search path vulnerability. This vulnerability allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. **Recommendations** For ELECOM Camera Assistant version 1.00, update to a version that fixes the untrusted search path vulnerability. For QuickFileDealer versions 1.2.1 and earlier, update to a version that fixes the untrusted search path vulnerability. As a temporary workaround, consider restricting access to directories where a Trojan horse DLL could be placed to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** +F FS040U versions v2.3.4 and earlier **Description** A plaintext storage of a password issue exists, which may allow an attacker to obtain the login password and log in to the management console. **Recommendations** For versions v2.3.4 and earlier, update to a version later than v2.3.4 to resolve the issue. As a temporary workaround, consider restricting access to the management console to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** +F FS040U versions v2.3.4 and earlier +F FS020W versions v4.0.0 and earlier +F FS030W versions v3.3.5 and earlier +F FS040W versions v1.4.1 and earlier **Description** A cross-site request forgery (CSRF) issue allows an adjacent attacker to hijack the authentication of an administrator and user, potentially leading to unintended operations such as rebooting the product and/or resetting the configuration to the initial set-up. **Recommendations** For +F FS040U versions v2.3.4 and earlier, consider disabling access to sensitive operations until a patch is available. For +F FS020W versions v4.0.0 and earlier, restrict access to the product's configuration settings to minimize the risk of exploitation. For +F FS030W versions v3.3.5 and earlier, avoid using the product's web interface for critical operations until the issue is resolved. For +F FS040W versions v1.4.1 and earlier, limit user privileges to prevent unintended actions. As a temporary workaround, consider implementing additional authentication measures, such as re-authentication for sensitive operations, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Content Transfer (for Windows) versions 1.3 and prior **Description** The issue is related to an untrusted search path vulnerability in the installer. This could allow an attacker to elevate privileges by using a specially crafted DLL. The vulnerability can be exploited via a Trojan horse DLL in an unspecified directory. **Recommendations** For versions 1.3 and prior, consider restricting access to the installer until a patch is available. As a temporary workaround, avoid using the installer in environments where untrusted DLLs could be loaded, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Device Software Manager versions prior to 2.20.3.0 **Description** The issue is related to an untrusted search path vulnerability in the installer of Device Software Manager. This vulnerability can be exploited by an attacker to gain privileges via a Trojan horse DLL in an unspecified directory, potentially allowing the loading of arbitrary files. **Recommendations** For versions prior to 2.20.3.0, update to version 2.20.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the installer to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WPS Office version 10.8.0.6186 **Description** The issue is related to the insecure loading of dynamic link libraries (DLLs), such as VERSION.DLL, by the installer of WPS Office. This allows an attacker to execute arbitrary code with the privilege of the user invoking the installer, potentially leading to privilege escalation. **Recommendations** For WPS Office version 10.8.0.6186, consider restricting the execution of the installer until a secure version is available, and avoid using the installer on sensitive systems to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows 10 Fall Creators Update (affected versions not specified) **Description** The issue concerns an untrusted search path vulnerability in the installer of the Windows 10 Fall Creators Update Modify module for Security Measures tool. This vulnerability allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.