"The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host," the CERT/CC's advisory states.They could also abuse CVE-2018-5409 in order to execute malicious code
"by compromising the host server, performing DNS spoofing or modifying the code in transit," the advisory continues. And the third vulnerability, CVE-2019-9505, could be exploited to allow remote unauthorized changes to configuration files. Versions 18.3.1.96 of PrinterLogic are affected by the trio of bugs. As of May 6 at noon ET, there are no patched versions available. In the meantime, the CERT/CC suggests that PrinterLogic customers "consider using 'always on' VPN to prevent some of the MITM scenarios and enforce application whitelisting on the endpoint to prevent the PrinterLogic agent from executing malicious code."UPDATE 5/10/19: PrinterLogic now has has an active resolution in place to address the vulnerability. The solution is available here.