VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202002-0604 CVE-2020-1875 plural Huawei Product vulnerabilities to access to uninitialized pointers CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when an abnormal condition occurs in certain operation. Successful exploit could cause certain process reboot. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500;USG9500 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500
VAR-202002-0599 CVE-2020-1874 plural HUAWEI Product vulnerabilities to access to uninitialized pointers CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability. The software system access an invalid pointer when operator logs in to the device and performs some operations. Successful exploit could cause certain process reboot. NIP6800 , Secospace USG6600 , USG9500 Exists in an uninitialized pointer access vulnerability.Service operation interruption (DoS) It may be put into a state
VAR-202002-0598 CVE-2020-1873 plural Huawei Out-of-bounds read vulnerabilities in the product CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the device reboot. NIP6800 , Secospace USG6600 , USG9500 Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state
VAR-202002-0614 CVE-2020-1855 plural Huawei Product input verification vulnerabilities CVSS V2: 3.6
CVSS V3: 6.1
Severity: MEDIUM
Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause service abnormal. plural Huawei The product contains an input verification vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. Huawei HEGE-570 is a smart screen device of China's Huawei company. Input validation error vulnerabilities exist in many Huawei products
VAR-202002-1226 CVE-2020-6970 Emerson OpenEnterprise SCADA Server Buffer Overflow Vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. Emerson OpenEnterprise SCADA Server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Emerson Electric OpenEnterprise SCADA Server is a set of data acquisition and monitoring system (SCADA) servers for remote oil and gas applications from Emerson Electric. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
VAR-202002-0461 CVE-2019-18352 PHOENIX CONTACT FL NAT 2208 and 2304-2GC-2SFP Unauthorized authentication vulnerabilities in devices CVSS V2: 4.3
CVSS V3: 8.2
Severity: HIGH
Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. No detailed vulnerability details are provided at this time
VAR-202002-0597 CVE-2020-1872 Huawei smartphone P10 Plus Input verification vulnerability in CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8) have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed. Huawei smartphone P10 Plus There is an input verification vulnerability in.Information may be tampered with. There are security holes in Huawei smart phones P10 Plus
VAR-202002-1691 No CVE Schneider Electric Modicon M580 has a denial of service vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Schneider Electric Modicon M580 is an Ethernet programmable controller. Schneider Electric Modicon M580 has a denial of service vulnerability. An attacker can exploit this vulnerability by sending a carefully constructed 0x28 function code data packet to cause a denial of service.
VAR-202002-1405 CVE-2020-9031 plural Symmetricom SyncServer Path traversal vulnerabilities in devices CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. plural Symmetricom SyncServer A path traversal vulnerability exists in the device.Information may be obtained and tampered with. Microsemi Symmetricom SyncServer S100 is a network time server of Microsemi Corporation of America. The vulnerability stems from network systems or products failing to properly filter special elements in resources or file paths. An attacker could use the vulnerability to access a location outside the restricted directory
VAR-202002-1693 No CVE SIEMENS SIMATIC S7-200 Smart has weak password vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Siemens is the world's leading technology company. With innovations in the fields of electrification, automation and digitalization, Siemens provides customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software. SIEMENS SIMATIC S7-200 Smart has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202002-1337 CVE-2020-9020 Iteris Vantage Velocity Field Unit operating system command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. (DoS) It may be put into a state
VAR-202002-0493 CVE-2019-18998 ABB Asset Suite Access Control Error Vulnerability CVSS V2: 5.5
CVSS V3: 7.1
Severity: HIGH
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly. ABB Asset Suite Exists in a user-controlled key authentication evasion vulnerability.Information may be obtained and tampered with. ABB Asset Suite is a set of enterprise asset management solutions mainly used in the power generation industry by Swiss ABB company. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to obtain sensitive information on the website. The following products and versions are affected: ABB Asset Suite from version 9.0 to version 9.3, version 9.4 before 9.4.2.6, version 9.5 before 9.5.3.2, version 9.6.0
VAR-202002-1341 CVE-2020-9024 Iteris Vantage Velocity Field Unit Device permission management vulnerabilities CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts. (DoS) It may be put into a state. No detailed vulnerability details are provided at this time
VAR-202002-1344 CVE-2020-9027 ELTEX NTP-RG-1402G and NTP-2 On the device OS Command injection vulnerabilities CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected. ELTEX NTP-RG-1402G and NTP-2 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ELTEX NTP-RG-1402G is a router product of Russian ELTEX company. An operating system command injection vulnerability exists in ELTEX NTP-RG-1402G 1v10 3.25.3.32. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands
VAR-202002-1343 CVE-2020-9026 ELTEX NTP-RG-1402G Operating System Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected. ELTEX NTP-RG-1402G and NTP-2 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ELTEX NTP-RG-1402G is a router product of Russian ELTEX company. An operating system command injection vulnerability exists in ELTEX NTP-RG-1402G 1v10 3.25.3.32. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands
VAR-202002-1411 CVE-2020-9043 WordPress for wpCentral Privilege management vulnerabilities in plugins CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. WordPress for wpCentral The plugin contains a vulnerability in privilege management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WordPress plugin WPCentral is a centralized dashboard for managing multiple WordPress websites. wpCentral versions prior to 1.5.1 have improper access control vulnerabilities
VAR-202002-1232 CVE-2020-8768 Phoenix Contact Emalytics Controller ILC 2050 BI and BI-L Vulnerability in improper permission assignment for critical resources in CVSS V2: 7.5
CVSS V3: 9.4
Severity: CRITICAL
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device. Phoenix Contact Emalytics Controller ILC 2050 BI and BI-L Includes a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. from Phoenix Contact, Germany
VAR-202002-1339 CVE-2020-9022 plural Xirrus Cross-site scripting vulnerabilities in devices CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS. plural Xirrus A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. Cambium Networks Xirrus XR520 is a wireless access point device of Cambium Networks in the United States. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code
VAR-202002-1038 CVE-2020-5531 Mitsubishi Electric  MELSEC C Language controller unit and  MELIPC  series  MI5000  Multiple vulnerabilities in CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors. Provided by Mitsubishi Electric Corporation MELSEC C Language controller unit and MELIPC series MI5000 In Wind River Company real-time OS Is VxWorks of TCP/IP Network stack (IPnet) The following vulnerabilities discovered in ( Known as " URGENT/11 " ) There are multiple vulnerabilities due to. * Q24DHCCPU-V and Q24DHCCPU-VG* Buffer error (CWE-119) - CVE-2019-12255* Buffer error (CWE-119) - CVE-2019-12257* Session fixation (CWE-384) - CVE-2019-12258* NULL Pointer dereferencing (CWE-476) - CVE-2019-12259* Buffer error (CWE-119) - CVE-2019-12261* Improper access control (CWE-284) - CVE-2019-12262* Buffer error (CWE-119) - CVE-2019-12263* Insert or change arguments (CWE-88) - CVE-2019-12264* Resource management issues (CWE-399) - CVE-2019-12265* R12CCPU-V and RD55UP06-V* Buffer error (CWE-119) - CVE-2019-12256* Session fixation (CWE-384) - CVE-2019-12258* NULL Pointer dereferencing (CWE-476) - CVE-2019-12259* Buffer error (CWE-119) - CVE-2019-12261* Improper access control (CWE-284) - CVE-2019-12262* Buffer error (CWE-119) - CVE-2019-12263* Insert or change arguments (CWE-88) - CVE-2019-12264* Resource management issues (CWE-399) - CVE-2019-12265* MI5122-VW* Buffer error (CWE-119) - CVE-2019-12256* Session fixation (CWE-384) - CVE-2019-12258* NULL Pointer dereferencing (CWE-476) - CVE-2019-12259* Buffer error (CWE-119) - CVE-2019-12260* Buffer error (CWE-119) - CVE-2019-12261* Improper access control (CWE-284) - CVE-2019-12262* Buffer error (CWE-119) - CVE-2019-12263* Insert or change arguments (CWE-88) - CVE-2019-12264* Resource management issues (CWE-399) - CVE-2019-12265Crafted by a remote third party TCP Receiving the packet may cause the product service to stop or the malware to be executed. Mitsubishi Electric MELSEC-Q Series is a programmable logic controller of MELSEC-Q series. Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 TCP / IP functions have security holes. A remote attacker could use this vulnerability to cause a denial of service and / or run malware
VAR-202002-1338 CVE-2020-9021 Post Oak AWAM Bluetooth Field Device In OS Command injection vulnerabilities CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. (DoS) It may be put into a state. An attacker could use this vulnerability to gain root access to the device