Wodzen

**Name of the Vulnerable Software and Affected Versions** Fiber versions prior to 2.52.12 Fiber versions prior to 3.1.0 **Description** A Cross-Site Scripting issue exists in the Go Fiber web framework. A remote attacker can inject arbitrary HTML or JavaScript by providing an `Accept: text/html` header in a request where the handler passes attacker-influenced data to the `AutoFormat()` feature. While other formats like `JSON`, `XML`, `MsgPack`, and `CBOR` use encoders that neutralize markup, the HTML branch in the `AutoFormat()` function (and `Format()` in version 2) concatenates the data directly into HTML markup without output encoding. This occurs because the framework selects the response format based on the attacker-controlled `Accept` header, allowing the attacker to force the execution of the unescaped HTML branch. **Recommendations** Update to version 2.52.12 or later. Update to version 3.1.0 or later. As a temporary workaround, avoid using the `AutoFormat()` function or the `Format()` function when handling data that can be influenced by users.

**Name of the Vulnerable Software and Affected Versions** Fiber versions 3.0.0 and earlier Fiber versions 3.0.0 through 3.0.0 **Description** A Path Traversal flaw exists in Fiber, potentially allowing a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. The issue stems from a combination of factors: a check for backslash characters occurring before URL decoding, and the use of `path.Clean`, which is designed for slash-separated paths and does not recognize backslashes as directory separators. This allows attackers to traverse up the directory tree using sequences like `....`. The vulnerable code resides in the `sanitizePath` function within `middleware/static/static.go`. Exploitation allows directory traversal on the host server, potentially enabling attackers to access sensitive files, including configuration files, source code, and system files. **Recommendations** Update to Fiber version 3.1.0 or later.

**Name of the Vulnerable Software and Affected Versions** FUXA versions 1.2.8 through 1.2.10 **Description** FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authentication bypass in FUXA allows a remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. The issue stems from a failure to verify JWT tokens on proxied routes. Exploitation involves sending a crafted request to the `/nodered/flows` API endpoint, bypassing authentication checks and granting administrative access to the Node-RED deployment API. Submitting a malicious flow configuration can then lead to arbitrary code execution in the context of the FUXA service. **Recommendations** Update FUXA to version 1.2.11 or later.

**Name of the Vulnerable Software and Affected Versions** FUXA versions 1.2.8 through 1.2.10 **Description** FUXA is a web-based Process Visualization software used in SCADA/HMI/Dashboard systems. An authorization bypass allows a remote, unauthenticated attacker to create and modify schedulers. This can expose connected ICS/SCADA environments to further malicious actions. The vulnerability exists due to insufficient access controls. **Recommendations** Update to FUXA version 1.2.11 or later.

**Name of the Vulnerable Software and Affected Versions** FUXA versions through 1.2.9 **Description** An information disclosure issue in FUXA allows a remote, unauthenticated attacker to obtain sensitive administrative database credentials. Exploitation allows an attacker to access the full system configuration, including administrative credentials for the InfluxDB database. This access may allow an attacker to read, modify, or delete historical process data, or cause a Denial of Service by corrupting the database. This affects all deployments, including those with `runtime.settings.secureEnabled` set to `true`. **Recommendations** Update to FUXA version 1.2.10 or later.

**Name of the Vulnerable Software and Affected Versions** FUXA versions through 1.2.9 **Description** FUXA is a web-based Process Visualization software. An insecure default configuration allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This occurs when authentication is enabled, but the administrator JWT secret is not configured. Exploitation involves forging JWTs to bypass authentication mechanisms and obtain administrative access. With elevated privileges, an attacker can interact with administrative APIs to execute arbitrary code within the FUXA service, potentially leading to full system compromise and impacting connected ICS/SCADA environments. **Recommendations** Update FUXA to version 1.2.10.

**Name of the Vulnerable Software and Affected Versions** FUXA versions through 1.2.9 **Description** FUXA is a web-based Process Visualization software. An authorization bypass allows a remote attacker to modify device tags via WebSockets. Exploitation bypasses role-based access controls, enabling attackers to overwrite device tags or disable communication drivers, potentially manipulating physical processes and disconnected devices. The `runtime.settings.secureEnabled` setting does not prevent exploitation. **Recommendations** Update to version 1.2.10 or later.

**Name of the Vulnerable Software and Affected Versions** FUXA versions prior to 1.2.10 **Description** FUXA, a web-based Process Visualization (SCADA/HMI/Dashboard) software, contains a path traversal issue that allows an unauthenticated remote attacker to write arbitrary files to any location on the server filesystem. This flaw affects all deployments, including those with `runtime.settings.secureEnabled` set to `true`. The issue exists because the '/api/upload' endpoint lacks authentication middleware, and the `destination` parameter can be manipulated to escape the application directory. This can lead to Remote Code Execution (RCE) if an attacker overwrites application code, startup scripts, or configuration files such as `settings.js`. Potential exploitation vectors include cron injection, SSH key drops, or webshell deployment, which may result in full system compromise and exposure of connected ICS/SCADA environments. **Recommendations** Update to version 1.2.10. As a temporary workaround, restrict access to the '/api/upload' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FUXA versions prior to 1.2.10 **Description** FUXA is a web-based Process Visualization software. A flaw exists where an unauthenticated, remote attacker can gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This is possible when the `runtime.settings.secureEnabled` setting is set to `true`. Exploitation involves minting administrator JWTs through the heartbeat refresh endpoint, allowing interaction with administrative APIs and potential full system compromise, which could impact connected ICS/SCADA environments. The API endpoint involved is the heartbeat refresh API. **Recommendations** Update to FUXA version 1.2.10 or later.

**Name of the Vulnerable Software and Affected Versions** Qwik versions prior to 1.19.0 **Description** A Cross-Site Scripting issue exists in Qwik.js' server-side rendering virtual attribute serialization. This allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation can lead to script execution in a victim's browser within the context of the affected origin. **Recommendations** Update to Qwik version 1.19.0 or later.

**Name of the Vulnerable Software and Affected Versions** Qwik versions prior to 1.19.0 **Description** An Open Redirect issue exists in Qwik City’s default request handler middleware. This allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation could allow attackers to create phishing links that appear to come from a trusted domain, but redirect the victim to a site controlled by the attacker. **Recommendations** Update to version 1.19.0 or later.

**Name of the Vulnerable Software and Affected Versions** @adonisjs/lucid versions prior to 21.8.2 @adonisjs/lucid versions prior to 22.0.0-next.6 **Description** A Mass Assignment issue exists in @adonisjs/lucid, an SQL ORM for AdonisJS. A remote attacker who can influence data passed into Lucid model assignments may be able to overwrite the internal ORM state, potentially leading to logic bypasses and unauthorized record modification. **Recommendations** Update to @adonisjs/lucid version 21.8.2. Update to @adonisjs/lucid version 22.0.0-next.6.

**Name of the Vulnerable Software and Affected Versions** AdonisJS versions through 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6 **Description** A Path Traversal vulnerability exists in the AdonisJS multipart file handling process. This flaw allows a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. The vulnerability is present in the `@adonisjs/bodyparser` package. Exploitation involves crafted upload filenames, potentially leading to remote code execution (RCE) if the `MultipartFile.move()` function is used without proper sanitization. Approximately 44,500 potentially affected systems have been identified. The vulnerability allows attackers to bypass file upload restrictions and overwrite system files, potentially leading to full control over the compromised system. **Recommendations** Update to @adonisjs/bodyparser version 10.1.2 or later. Update to @adonisjs/bodyparser version 11.0.0-next.6 or later. Ensure strict server-side filename validation is enforced to prevent path traversal attacks. Avoid enabling overwrite functionality unless absolutely necessary.

**Name of the Vulnerable Software and Affected Versions** node-forge versions 1.3.1 and earlier **Description** An interpretation-conflict issue exists in node-forge. Unauthenticated attackers can create specific ASN.1 structures that disrupt schema validations. This can lead to a difference in how data is understood, potentially bypassing cryptographic checks and security measures. **Recommendations** Update node-forge to a version later than 1.3.1.

**Name of the Vulnerable Software and Affected Versions** Vonets industrial wifi bridge relays and wifi bridge repeaters versions 3.3.23.6.9 and prior **Description** The issue is related to improper access control, allowing an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected `goform` endpoints. This enables the attacker to reset the device to its factory settings, potentially leading to unauthorized access or control. **Recommendations** For versions 3.3.23.6.9 and prior, consider disabling access to the `goform` endpoints as a temporary workaround until a patch is available. Restricting access to these endpoints can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vonets industrial wifi bridge relays and wifi bridge repeaters versions 3.3.23.6.9 and prior **Description** A directory traversal vulnerability enables an unauthenticated remote attacker to read arbitrary files and bypass authentication. The issue arises from an input validation error when processing directory traversal sequences, allowing an attacker to exploit the vulnerability using a specially crafted HTTP request. **Recommendations** For versions 3.3.23.6.9 and prior, update to a version that fixes the directory traversal vulnerability. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation. Avoid using the vulnerable software until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters versions 3.3.23.6.9 and prior **Description** The issue exists due to the presence of hard-coded credentials in the application code. This allows a remote attacker to bypass authentication using the hard-coded administrator credentials, which cannot be disabled. **Recommendations** For versions 3.3.23.6.9 and prior, update the software to a version that does not contain the hard-coded credentials vulnerability. As a temporary workaround, consider changing the default credentials on all devices to minimize the risk of exploitation. Restrict access to the administrator accounts to prevent unauthorized access until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Vonets industrial wifi bridge relays and wifi bridge repeaters versions 3.3.23.6.9 and prior **Description** The issue is related to an improper check or handling of exceptional conditions, which enables an unauthenticated remote attacker to cause a denial of service. This can be achieved by sending a specially-crafted HTTP request to pre-authentication resources, resulting in a service crash. **Recommendations** For versions 3.3.23.6.9 and prior, update to version 3.3.23.6.9 or later as soon as possible to resolve the issue. As a temporary workaround, consider restricting access to pre-authentication resources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vonets industrial wifi bridge relays and wifi bridge repeaters versions 3.3.23.6.9 and prior **Description** The issue is related to OS command injection vulnerabilities that enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters. This could allow a remote attacker to perform unauthorized actions. **Recommendations** For versions 3.3.23.6.9 and prior, consider disabling access to vulnerable endpoint parameters until a patch is available. Restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters versions 3.3.23.6.9 and prior **Description** The issue is related to stack-based buffer overflow vulnerabilities in Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters. This allows an unauthenticated remote attacker to execute arbitrary code. The exploitation of this vulnerability may enable a remote attacker to perform malicious actions. **Recommendations** For versions 3.3.23.6.9 and prior, as a temporary workaround, consider restricting access to the devices until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.