VARIoT IoT vulnerabilities database
| VAR-202003-1481 | CVE-2020-9290 | Windows for FortiClient Vulnerability in uncontrolled search path elements in |
CVSS V2: 6.9 CVSS V3: 7.8 Severity: HIGH |
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. Windows for FortiClient There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. The FortiClientOnlineInstaller.exe file in Fortinet FortiClient (Windows) 6.2.3 and earlier versions has a code issue vulnerability. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
| VAR-202003-1480 | CVE-2020-9287 | FortiClient EMS Vulnerability in uncontrolled search path elements in |
CVSS V2: 6.9 CVSS V3: 7.8 Severity: HIGH |
An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. FortiClient EMS There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. The FortiClientEMSOnlineInstaller.exe file in Fortinet FortiClient EMS 6.2.1 and earlier versions has a code issue vulnerability. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
| VAR-202003-0841 | CVE-2019-17658 | FortiClientWindows Vulnerability in unquoted search paths or elements in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path. FortiClientWindows Contains vulnerabilities in unquoted search paths or elements.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. A code issue vulnerability exists in Fortinet FortiClient FortiTray (Windows) 6.2.2 and earlier versions
| VAR-202003-0839 | CVE-2019-17653 | Fortinet FortiSIEM Cross-site request forgery vulnerability in |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. Fortinet FortiSIEM Exists in a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fortinet FortiSIEM is a security information and event management system developed by Fortinet Corporation. The system includes features such as asset discovery, workflow automation and unified management. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client
| VAR-202003-0756 | CVE-2019-16157 | Fortinet FortiWeb Vulnerability regarding information leakage in |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. Fortinet FortiWeb There is an information leakage vulnerability in.Information may be obtained. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components
| VAR-202003-0755 | CVE-2019-16156 | Fortinet FortiWeb Cross-site scripting vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). Fortinet FortiWeb Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202003-0526 | CVE-2019-6699 | Fortinet FortiADC Cross-site scripting vulnerability in |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. Fortinet FortiADC Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202003-0417 | CVE-2020-10181 | Sumavision Enhanced Multimedia Router Cross-Site Request Forgery Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request. (DoS) It may be put into a state. Sumavision Enhanced Multimedia Router (EMR) is an enhanced multimedia router of China Digital Video Technology (Sumavision) Company
| VAR-202003-1131 | CVE-2020-1879 | plural Huawei Vulnerability in product integrity verification deficiencies |
CVSS V2: 3.6 CVSS V3: 3.9 Severity: LOW |
There is an improper integrity checking vulnerability on some huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications.Affected product versions include:HEGE-560 versions 1.0.1.21(SP3);HEGE-570 versions 1.0.1.22(SP3);OSCA-550 versions 1.0.1.21(SP3);OSCA-550A versions 1.0.1.21(SP3);OSCA-550AX versions 1.0.1.21(SP3);OSCA-550X versions 1.0.1.21(SP3). plural Huawei The product contains a vulnerability related to data integrity verification deficiencies.Information may be tampered with. Huawei HEGE-570 is a smart screen device of China's Huawei company.
There are security vulnerabilities in many Huawei products, and attackers with high privileges can use this vulnerability to make malicious modifications
| VAR-202003-0680 | CVE-2019-5158 | WAGO e!COCKPIT Vulnerability in using hard-coded credentials in automation software |
CVSS V2: 4.3 CVSS V3: 7.8 Severity: HIGH |
An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability. WAGO e!COCKPIT Automation software contains vulnerabilities in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation.
WAGO e! COCKPIT firmware downgrade vulnerability, currently no detailed vulnerability details are provided
| VAR-202003-1130 | CVE-2020-1878 | Huawei smartphone OxfordS-AN00A Authentication vulnerabilities in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3),versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. Huawei OxfordS-AN00A is a Huawei smartphone device
| VAR-202003-0393 | CVE-2020-10376 | Technicolor TC7337NET Vulnerability in plaintext transmission of critical information on devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header. Technicolor TC7337NET The device contains a vulnerability in the transmission of important information in clear text.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Technicolor TC7337NET is a modem of Technicolor.
Technicolor TC7337NET version 08.89.17.23.03 has a security vulnerability
| VAR-202003-1709 | CVE-2020-9064 | Huawei smartphone Honor V30 Authentication vulnerabilities in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak
| VAR-202003-0684 | CVE-2019-5166 | WAGO PFC 200 Classic buffer overflow vulnerability in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company.
There is a security hole in WAGO PFC 200
| VAR-202003-0672 | CVE-2019-5106 | WAGO e!Cockpit Vulnerability in using cryptographic algorithms in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. WAGO e!Cockpit Is vulnerable to the use of cryptographic algorithms.Information may be obtained. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation
| VAR-202003-1137 | CVE-2020-1863 | Huawei USG6000V Out-of-bounds read vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products. Huawei USG6000V Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state. Huawei USG6000V is a virtual service gateway product based on Network Function Virtualization (NFV) of China's Huawei company.
Huawei USG6000V V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have security vulnerabilities. Remote attackers can use this vulnerability to cause service anomalies
| VAR-202003-0345 | CVE-2020-0550 | plural Intel(R) Information leakage vulnerabilities in products |
CVSS V2: 1.9 CVSS V3: 5.6 Severity: MEDIUM |
Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html. plural Intel(R) The product contains a vulnerability related to information leakage.Information may be obtained. There are security vulnerabilities in several Intel products, which originate from the fact that the program does not forward data correctly in the data cache. The following products and versions are affected: Intel Xeon Processor D-1518; Xeon Processor D-1519; Xeon Processor D-1521; Xeon Processor D-1527; Xeon Processor D-1528; Xeon Processor D-1529; Xeon Processor D-1533, etc
| VAR-202003-1742 | CVE-2020-6208 | SAP Business Objects Business Intelligence Platform Code injection vulnerability in |
CVSS V2: 4.4 CVSS V3: 8.2 Severity: HIGH |
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability. (DoS) May be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of RPT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process
| VAR-202003-0783 | CVE-2019-19299 | Siemens SiNVR 3 Weak password vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server
applies weak cryptography when exposing device (camera) passwords.
This could allow an unauthenticated remote attacker to read and decrypt
the passwords and conduct further attacks. SiNVR 3 is a video management platform
| VAR-202003-1250 | CVE-2018-18894 | plural Lexmark Path traversal vulnerabilities in devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. plural Lexmark A path traversal vulnerability exists in the device.Information may be obtained. Lexmark CX410 is a printer of Lexmark Corporation. Attackers can use this vulnerability to access sensitive files