VARIoT IoT vulnerabilities database

VAR-202406-0212 CVE-2024-35303 Siemens Tecnomatix Plant Simulation MODEL File Parsing Type Confusion Remote Code Execution Vulnerability CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing specially crafted MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22958). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MODEL files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition.
VAR-202406-0059 CVE-2024-35292 Siemens S7-200 SMART series uses insecure random values vulnerability CVSS V2: 8.5
CVSS V3: 8.2
Severity: HIGH
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices are using a predictable IP ID sequence number. This leaves the system susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack and eventually could allow an attacker to create a denial of service condition. The S7-200 SMART series is a series of micro programmable logic controllers that can control a variety of small automation applications. The Siemens S7-200 SMART series has an unsafe random value vulnerability that can be exploited by attackers to create a denial of service condition.
VAR-202406-0101 CVE-2024-32849 Trend Micro Maximum Security coreServiceShell Link Following Local Privilege Escalation Vulnerability CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the coreServiceShell. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
VAR-202405-2633 No CVE HP DesignJet T730 of HP Trading (Shanghai) Co., Ltd. has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP DesignJet T730 is a printer. HP DesignJet T730 of HP Trading (Shanghai) Co., Ltd. has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202405-3772 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. EG2000CE has a command execution vulnerability (CNVD-2024-22811) CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
EG2000CE is an intelligent router. EG2000CE of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.
VAR-202405-2040 No CVE H3C ER5100G2 system management has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
ER5100G2 is a new generation enterprise-class Gigabit wired router. H3C ER5100G2 system management has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.
VAR-202405-2251 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. EG3210 has a command execution vulnerability (CNVD-2024-23199) CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
EG3210 is a multi-service security gateway. Beijing Xingwang Ruijie Network Technology Co., Ltd. EG3210 has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
VAR-202405-3031 No CVE Shenzhen Tongwei Digital Technology Co., Ltd. InVid Tech has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Shenzhen Tongwei Digital Technology Co., Ltd. is an international provider of video security products and system solutions integrating R&D, production, sales and services. Shenzhen Tongwei Digital Technology Co., Ltd. InVid Tech has a weak password vulnerability, which attackers use to log in to the system backend and obtain sensitive information.
VAR-202405-2830 No CVE Beijing Asia Control Technology Development Co., Ltd. Asia Control Giant SCADA Monitoring Platform has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Yakong Giant SCADA Monitoring Platform is a high-end industrial automation full-configuration monitoring software suitable for "all-trusted" industrial control systems. It supports the joint use of all mainstream trusted CPUs, operating systems, PLC devices, and databases. The Yakong Giant SCADA Monitoring Platform of Beijing Yakong Technology Development Co., Ltd. has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202405-3782 CVE-2024-4609 Rockwell Automation FactoryTalk View SE SQL Injection Vulnerability CVSS V2: 8.0
CVSS V3: -
Severity: HIGH
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States.
VAR-202405-1356 No CVE Ruijie Networks Co., Ltd. EG3210 has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
EG3210 is a new generation of multi-service security gateway in the RG-EG3200 series. It is a comprehensive gateway device designed for small and medium-sized network egress. Ruijie Networks Co., Ltd. EG3210 has a command execution vulnerability, which can be exploited by attackers to execute commands.
VAR-202405-0440 No CVE Schneider Electric (China) Co., Ltd. Quantum 140CPU65150PL has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Quantum 140CPU65150PL is a Unity processor in the Schneider Electric series. It combines the standard functions of a PLC with the diagnostic functions of a network server and uses an RJ-45 connection for communication. Schneider Electric (China) Co., Ltd. Quantum 140CPU65150PL has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202405-0649 No CVE Beijing Yakong Technology Development Co., Ltd. KingPortal development system has an information leakage vulnerability (CNVD-2024-16583) CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Beijing Yakong Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and information software platform established in 1997. Beijing Yakong Technology Development Co., Ltd. KingPortal development system has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202405-1812 CVE-2023-49909 TP-LINK AC1350 has an unspecified vulnerability (CNVD-2024-23784) CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
TP-LINK AC1350 is a router from China's TP-LINK company. TP-LINK AC1350 has a security vulnerability that can be exploited by an attacker to cause remote code execution through a series of specially crafted HTTP requests.
VAR-202405-0539 CVE-2023-40720 Fortinet FortiVoice user-controlled key authentication evasion vulnerability CVSS V2: -
CVSS V3: 7.1
Severity: HIGH
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests. Fortinet's FortiVoice contains a user-controlled key authentication evasion vulnerability. Information may be obtained and service operation may be interrupted (DoS).
VAR-202405-0161 CVE-2024-33583 Siemens SIMATIC RTLS Locating Manager Hidden Function Vulnerability CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected application contains a hidden configuration item to enable debug functionality. This could allow an authenticated local attacker to gain insight into the internal configuration of the deployment. SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS devices, which are real-time wireless location systems that provide location solutions.
VAR-202405-0216 CVE-2024-33577 Siemens Simcenter Nastran Stack Buffer Overflow Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.90). The affected applications contain a stack overflow vulnerability while parsing specially crafted strings as an argument for one of the application binaries. This could allow an attacker to execute code in the context of the current process. Simcenter Nastran is a finite element method solver. Siemens Simcenter Nastran has a stack buffer overflow vulnerability.
VAR-202405-0157 CVE-2024-33499 Siemens SIMATIC RTLS Locating Manager Critical Resource Permission Assignment Improper Vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application assigns incorrect permissions to a user management component. This could allow a privileged attacker to escalate their privileges from the Administrators group to the Systemadministrator group. SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS devices, which are real-time wireless location systems that provide location solutions.
VAR-202405-0158 CVE-2024-33498 Siemens SIMATIC RTLS Locating Manager Resource Consumption Uncontrolled Vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected applications do not properly release memory that is allocated when handling specifically crafted incoming packets. This could allow an unauthenticated remote attacker to cause a denial of service condition by crashing the service when it runs out of memory. The service is restarted automatically after a short time. SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS devices, which are real-time wireless location systems that provide location solutions.
VAR-202405-0153 CVE-2024-33497 Siemens SIMATIC RTLS Locating Manager Insufficient Protected Credentials Vulnerability (CNVD-2024-24518) CVSS V2: 5.7
CVSS V3: 6.3
Severity: MEDIUM
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected SIMATIC RTLS Locating Manager Track Viewer Client does not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role. SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS devices, which are real-time wireless location systems that provide location solutions.