VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202206-1716 CVE-2022-31874 ASUS RT-N53 Security hole CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface
VAR-202206-1782 CVE-2022-31876 NETGEAR WNAP320 Security hole CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.
VAR-202206-1581 CVE-2022-31873 Trendnet IP-110wn Security hole CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi
VAR-202206-1635 CVE-2022-31875 Trendnet IP-110wn Security hole CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi
VAR-202206-1254 CVE-2022-20798 Cisco Email Security Appliance and Cisco Secure Email Authorization problem vulnerability CVSS V2: 6.8
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device
VAR-202206-1315 CVE-2022-29496 Blynk Security hole CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. Blynk is a set of Internet of Things platform of American Blynk company. There is a security vulnerability in Blynk v1.0.1
VAR-202206-1349 CVE-2022-20664 Cisco Email Security Appliance and Cisco Secure Email Information disclosure vulnerability CVSS V2: 3.5
CVSS V3: 7.7
Severity: HIGH
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials
VAR-202206-1301 CVE-2022-20825 Cisco Small Business Input validation error vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Cisco has not released software updates that address this vulnerability.
VAR-202206-1063 CVE-2021-37182 SIEMENS SCALANCE XM-400 and XR-500 OSPF Packet Processing Vulnerability CVSS V2: 4.3
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs)
VAR-202206-0846 CVE-2022-32256 Siemens SINEMA Remote Connect Server Security hole CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.
VAR-202206-1187 CVE-2022-30937 Siemens EN100 Ethernet module Buffer error vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition
VAR-202206-0842 CVE-2022-32252 Siemens SINEMA Remote Connect Server Data forgery problem vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker
VAR-202206-0839 CVE-2022-27221 Siemens SINEMA Remote Connect Server Security feature vulnerability CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack
VAR-202206-0841 CVE-2022-32262 Siemens SINEMA Remote Connect Server Command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution
VAR-202206-0848 CVE-2022-32251 Siemens SINEMA Remote Connect Server Access control error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user
VAR-202206-0847 CVE-2022-32260 Siemens SINEMA Remote Connect Server Security hole CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios
VAR-202206-1219 CVE-2022-27668 SAP Netweaver Security hole CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability
VAR-202206-0840 CVE-2022-32258 Siemens SINEMA Remote Connect Server Security hole CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure
VAR-202206-0845 CVE-2022-32254 Siemens SINEMA Remote Connect Server Log information disclosure vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker
VAR-202206-0843 CVE-2022-29034 Siemens SINEMA Remote Connect Server Cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks.