VARIoT IoT vulnerabilities database
| VAR-202206-1716 | CVE-2022-31874 | ASUS RT-N53 Security hole |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface
| VAR-202206-1782 | CVE-2022-31876 | NETGEAR WNAP320 Security hole |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.
| VAR-202206-1581 | CVE-2022-31873 | Trendnet IP-110wn Security hole |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi
| VAR-202206-1635 | CVE-2022-31875 | Trendnet IP-110wn Security hole |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi
| VAR-202206-1254 | CVE-2022-20798 | Cisco Email Security Appliance and Cisco Secure Email Authorization problem vulnerability |
CVSS V2: 6.8 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device
| VAR-202206-1315 | CVE-2022-29496 | Blynk Security hole |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. Blynk is a set of Internet of Things platform of American Blynk company.
There is a security vulnerability in Blynk v1.0.1
| VAR-202206-1349 | CVE-2022-20664 | Cisco Email Security Appliance and Cisco Secure Email Information disclosure vulnerability |
CVSS V2: 3.5 CVSS V3: 7.7 Severity: HIGH |
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials
| VAR-202206-1301 | CVE-2022-20825 | Cisco Small Business Input validation error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Cisco has not released software updates that address this vulnerability.
| VAR-202206-1063 | CVE-2021-37182 | SIEMENS SCALANCE XM-400 and XR-500 OSPF Packet Processing Vulnerability |
CVSS V2: 4.3 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs)
| VAR-202206-0846 | CVE-2022-32256 | Siemens SINEMA Remote Connect Server Security hole |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.
| VAR-202206-1187 | CVE-2022-30937 | Siemens EN100 Ethernet module Buffer error vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition
| VAR-202206-0842 | CVE-2022-32252 | Siemens SINEMA Remote Connect Server Data forgery problem vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker
| VAR-202206-0839 | CVE-2022-27221 | Siemens SINEMA Remote Connect Server Security feature vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack
| VAR-202206-0841 | CVE-2022-32262 | Siemens SINEMA Remote Connect Server Command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution
| VAR-202206-0848 | CVE-2022-32251 | Siemens SINEMA Remote Connect Server Access control error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user
| VAR-202206-0847 | CVE-2022-32260 | Siemens SINEMA Remote Connect Server Security hole |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios
| VAR-202206-1219 | CVE-2022-27668 | SAP Netweaver Security hole |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability
| VAR-202206-0840 | CVE-2022-32258 | Siemens SINEMA Remote Connect Server Security hole |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure
| VAR-202206-0845 | CVE-2022-32254 | Siemens SINEMA Remote Connect Server Log information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker
| VAR-202206-0843 | CVE-2022-29034 | Siemens SINEMA Remote Connect Server Cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks.