Yahya Forihat

**Name of the Vulnerable Software and Affected Versions** Tormach xsTECH CNC Router, PathPilot Controller version 2.9.6 **Description** The issue allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption. **Recommendations** For version 2.9.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tormach xsTECH CNC Router, PathPilot Controller version 2.9.6 **Description** The issue allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory. **Recommendations** For version 2.9.6, consider restricting access to the device memory to prevent overwriting the card's name as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tormach xsTECH CNC Router, PathPilot Controller version 2.9.6 **Description** The issue is related to incorrect access control, allowing attackers to access the G code's shared folder and view sensitive information. **Recommendations** For version 2.9.6, consider restricting access to the G code's shared folder as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tormach xsTECH CNC Router, PathPilot Controller version 2.9.6 **Description** The issue allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the `Hostmot2` configuration cookie in the device memory. **Recommendations** For version 2.9.6, consider restricting access to the device memory to prevent overwriting of the `Hostmot2` configuration cookie until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tormach xsTECH CNC Router, PathPilot Controller version 2.9.6 **Description** The issue allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller. **Recommendations** For version 2.9.6, consider restricting access to the device memory to prevent overwriting of the hardcoded IP address until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tormach xsTECH CNC Router, PathPilot Controller version 2.9.6 **Description** The issue in the communication protocol allows attackers to cause a Denial of Service (DoS) via crafted commands. **Recommendations** For version 2.9.6, consider restricting access to the communication protocol to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.