VARIoT IoT vulnerabilities database
| VAR-202002-0604 | CVE-2020-1875 | plural Huawei Product vulnerabilities to access to uninitialized pointers |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when an abnormal condition occurs in certain operation. Successful exploit could cause certain process reboot. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500;USG9500 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500
| VAR-202002-0599 | CVE-2020-1874 | plural HUAWEI Product vulnerabilities to access to uninitialized pointers |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability. The software system access an invalid pointer when operator logs in to the device and performs some operations. Successful exploit could cause certain process reboot. NIP6800 , Secospace USG6600 , USG9500 Exists in an uninitialized pointer access vulnerability.Service operation interruption (DoS) It may be put into a state
| VAR-202002-0598 | CVE-2020-1873 | plural Huawei Out-of-bounds read vulnerabilities in the product |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the device reboot. NIP6800 , Secospace USG6600 , USG9500 Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state
| VAR-202002-0614 | CVE-2020-1855 | plural Huawei Product input verification vulnerabilities |
CVSS V2: 3.6 CVSS V3: 6.1 Severity: MEDIUM |
Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause service abnormal. plural Huawei The product contains an input verification vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. Huawei HEGE-570 is a smart screen device of China's Huawei company.
Input validation error vulnerabilities exist in many Huawei products
| VAR-202002-1226 | CVE-2020-6970 | Emerson OpenEnterprise SCADA Server Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. Emerson OpenEnterprise SCADA Server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Emerson Electric OpenEnterprise SCADA Server is a set of data acquisition and monitoring system (SCADA) servers for remote oil and gas applications from Emerson Electric. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
| VAR-202002-0461 | CVE-2019-18352 | PHOENIX CONTACT FL NAT 2208 and 2304-2GC-2SFP Unauthorized authentication vulnerabilities in devices |
CVSS V2: 4.3 CVSS V3: 8.2 Severity: HIGH |
Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. No detailed vulnerability details are provided at this time
| VAR-202002-0597 | CVE-2020-1872 | Huawei smartphone P10 Plus Input verification vulnerability in |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8) have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed. Huawei smartphone P10 Plus There is an input verification vulnerability in.Information may be tampered with.
There are security holes in Huawei smart phones P10 Plus
| VAR-202002-1691 | No CVE | Schneider Electric Modicon M580 has a denial of service vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Schneider Electric Modicon M580 is an Ethernet programmable controller.
Schneider Electric Modicon M580 has a denial of service vulnerability. An attacker can exploit this vulnerability by sending a carefully constructed 0x28 function code data packet to cause a denial of service.
| VAR-202002-1405 | CVE-2020-9031 | plural Symmetricom SyncServer Path traversal vulnerabilities in devices |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. plural Symmetricom SyncServer A path traversal vulnerability exists in the device.Information may be obtained and tampered with. Microsemi Symmetricom SyncServer S100 is a network time server of Microsemi Corporation of America. The vulnerability stems from network systems or products failing to properly filter special elements in resources or file paths. An attacker could use the vulnerability to access a location outside the restricted directory
| VAR-202002-1693 | No CVE | SIEMENS SIMATIC S7-200 Smart has weak password vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Siemens is the world's leading technology company. With innovations in the fields of electrification, automation and digitalization, Siemens provides customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software.
SIEMENS SIMATIC S7-200 Smart has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202002-1337 | CVE-2020-9020 | Iteris Vantage Velocity Field Unit operating system command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. (DoS) It may be put into a state
| VAR-202002-0493 | CVE-2019-18998 | ABB Asset Suite Access Control Error Vulnerability |
CVSS V2: 5.5 CVSS V3: 7.1 Severity: HIGH |
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly. ABB Asset Suite Exists in a user-controlled key authentication evasion vulnerability.Information may be obtained and tampered with. ABB Asset Suite is a set of enterprise asset management solutions mainly used in the power generation industry by Swiss ABB company. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to obtain sensitive information on the website. The following products and versions are affected: ABB Asset Suite from version 9.0 to version 9.3, version 9.4 before 9.4.2.6, version 9.5 before 9.5.3.2, version 9.6.0
| VAR-202002-1341 | CVE-2020-9024 | Iteris Vantage Velocity Field Unit Device permission management vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts. (DoS) It may be put into a state. No detailed vulnerability details are provided at this time
| VAR-202002-1344 | CVE-2020-9027 | ELTEX NTP-RG-1402G and NTP-2 On the device OS Command injection vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected. ELTEX NTP-RG-1402G and NTP-2 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ELTEX NTP-RG-1402G is a router product of Russian ELTEX company.
An operating system command injection vulnerability exists in ELTEX NTP-RG-1402G 1v10 3.25.3.32. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands
| VAR-202002-1343 | CVE-2020-9026 | ELTEX NTP-RG-1402G Operating System Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected. ELTEX NTP-RG-1402G and NTP-2 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ELTEX NTP-RG-1402G is a router product of Russian ELTEX company.
An operating system command injection vulnerability exists in ELTEX NTP-RG-1402G 1v10 3.25.3.32. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands
| VAR-202002-1411 | CVE-2020-9043 | WordPress for wpCentral Privilege management vulnerabilities in plugins |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. WordPress for wpCentral The plugin contains a vulnerability in privilege management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WordPress plugin WPCentral is a centralized dashboard for managing multiple WordPress websites.
wpCentral versions prior to 1.5.1 have improper access control vulnerabilities
| VAR-202002-1232 | CVE-2020-8768 | Phoenix Contact Emalytics Controller ILC 2050 BI and BI-L Vulnerability in improper permission assignment for critical resources in |
CVSS V2: 7.5 CVSS V3: 9.4 Severity: CRITICAL |
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device. Phoenix Contact Emalytics Controller ILC 2050 BI and BI-L Includes a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. from Phoenix Contact, Germany
| VAR-202002-1339 | CVE-2020-9022 | plural Xirrus Cross-site scripting vulnerabilities in devices |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS. plural Xirrus A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. Cambium Networks Xirrus XR520 is a wireless access point device of Cambium Networks in the United States. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code
| VAR-202002-1038 | CVE-2020-5531 | Mitsubishi Electric MELSEC C Language controller unit and MELIPC series MI5000 Multiple vulnerabilities in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors. Provided by Mitsubishi Electric Corporation MELSEC C Language controller unit and MELIPC series MI5000 In Wind River Company real-time OS Is VxWorks of TCP/IP Network stack (IPnet) The following vulnerabilities discovered in ( Known as " URGENT/11 " ) There are multiple vulnerabilities due to. * Q24DHCCPU-V and Q24DHCCPU-VG* Buffer error (CWE-119) - CVE-2019-12255* Buffer error (CWE-119) - CVE-2019-12257* Session fixation (CWE-384) - CVE-2019-12258* NULL Pointer dereferencing (CWE-476) - CVE-2019-12259* Buffer error (CWE-119) - CVE-2019-12261* Improper access control (CWE-284) - CVE-2019-12262* Buffer error (CWE-119) - CVE-2019-12263* Insert or change arguments (CWE-88) - CVE-2019-12264* Resource management issues (CWE-399) - CVE-2019-12265* R12CCPU-V and RD55UP06-V* Buffer error (CWE-119) - CVE-2019-12256* Session fixation (CWE-384) - CVE-2019-12258* NULL Pointer dereferencing (CWE-476) - CVE-2019-12259* Buffer error (CWE-119) - CVE-2019-12261* Improper access control (CWE-284) - CVE-2019-12262* Buffer error (CWE-119) - CVE-2019-12263* Insert or change arguments (CWE-88) - CVE-2019-12264* Resource management issues (CWE-399) - CVE-2019-12265* MI5122-VW* Buffer error (CWE-119) - CVE-2019-12256* Session fixation (CWE-384) - CVE-2019-12258* NULL Pointer dereferencing (CWE-476) - CVE-2019-12259* Buffer error (CWE-119) - CVE-2019-12260* Buffer error (CWE-119) - CVE-2019-12261* Improper access control (CWE-284) - CVE-2019-12262* Buffer error (CWE-119) - CVE-2019-12263* Insert or change arguments (CWE-88) - CVE-2019-12264* Resource management issues (CWE-399) - CVE-2019-12265Crafted by a remote third party TCP Receiving the packet may cause the product service to stop or the malware to be executed. Mitsubishi Electric MELSEC-Q Series is a programmable logic controller of MELSEC-Q series.
Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 TCP / IP functions have security holes. A remote attacker could use this vulnerability to cause a denial of service and / or run malware
| VAR-202002-1338 | CVE-2020-9021 | Post Oak AWAM Bluetooth Field Device In OS Command injection vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. (DoS) It may be put into a state. An attacker could use this vulnerability to gain root access to the device