A critical vulnerability has been discovered in the fdtCONTAINER component by M&M Software GmbH used by PACTware.
While de-serializing PACTware 5 project files (loading PW5 files) the vulnerability can be exploited to execute arbitrary code.

Several vulnerabilities exist within firmware versions up to and including v1.5.48.

Several critical vulnerabilities within Firmware have been identified. Please consult the CVEs for details.

Several vulnerabilities have been discovered in the utilized component WIBU-SYSTEMS CodeMeter Runtime.

For detailed information please refer to WIBU-SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html

PACTware passwords are stored in a recoverable format (CVE-2020-9403)

PACTware passwords may be modified without knowing the current password (CVE-2020-9404)

Security researchers at ESET have reported a vulnerability called Kr00k (CVE-2019- 15126) which affects encrypted WiFi traffic for devices using Broadcom or Cypress chipsets. The vulnerability may allow an attacker to decrypt some WPA2- Personal/Enterprise traffic by forcing an AP/client to start utilizing an all-zero encryption key (similar to KRACK vulnerability).

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre- authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.

See details on Microsoft's advisories:

CVE-2019-0708 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)
CVE-2019-1181 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181)
CVE-2019-1182 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182)

Update A, 07.10.2019

• Added CVE-2019-1181 + CVE-2019-1182 to Summary
• Removed line "VisuNet RM Shell 5 devices and VisuNet PC devices running Windows 10 are not affected by this vulnerability." from Impact.
• Added "RM Shell 5 devices" info to Solution

A collection of Bluetooth attack vectors were discovered and related vulnerabilities known as "BlueBorne" were disclosed. These vulnerabilities collectively endanger amongst others Windows, Linux and mobile operating systems like Android or IOS. An unauthenticated attacker may take control of devices and perform commands or access sensitive data.