CVE-2024-22734

Name of the Vulnerable Software and Affected Versions AMCS Group Trux Waste Management Software versions prior to 7.19.0018.26912

Description An issue in the Trux Waste Management Software allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components. This could allow attackers with local network access to take complete control of the application and gain unrestricted access to sensitive ERP databases.

Recommendations For versions prior to 7.19.0018.26912, update to version 7.19.0018.26912 or later to resolve the issue. As a temporary workaround, consider restricting access to the TxUtilities.dll and TruxUser.cfg components to minimize the risk of exploitation.