VARIoT IoT vulnerabilities database

An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware contains an information disclosure vulnerability.Information may be obtained. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. WAGO PFC200 has an information disclosure vulnerability. The vulnerability stems from configuration errors during the operation of the network system or product. An attacker could use this vulnerability to obtain sensitive information about the affected components

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot. Dell XPS 13 2-in-1 (7390) BIOS Has unspecified vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell XPS 13 2-in-1 is a notebook computer from Dell, USA. BIOS is one of the basic input and output systems

An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 The firmware contains an out-of-bounds write vulnerability for a critical function.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. WAGO PFC200 has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'. Barco ClickShare Button The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Barco ClickShare Button R9861500D01 is a wireless control device for the demonstration system of Barco, Belgium. Barco ClickShare Button R9861500D01 The Dongle_bridge program embedded in versions earlier than 1.9.0 has an operating system command injection vulnerability, which originates from the process of externally inputting data to construct operating system executable commands, and the network system or product did not properly filter the special characters and commands. The attacker can use this vulnerability to execute illegal operating system commands

A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code

Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack. Intel(R) SCS Platform Discovery Utility Contains a vulnerability with inappropriate default permissions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel SCS Discovery Utility is a utility program of Intel Corporation for obtaining detailed data about Intel AMT. A security vulnerability exists in the installer in the Intel SCS Discovery Utility (all versions). A local attacker could exploit this vulnerability to elevate privileges

The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings. Petwant PF-103 Firmware and Petalk AI Is vulnerable to a lack of authentication.Information may be tampered with. Petwant PF-103 is an automatic pet feeding machine from China Petnant. Petalk AI is an automated pet feeder with monitoring capabilities

Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. Petwant PF-103 Firmware and Petalk AI Contains a vulnerability in the verification of digital signatures.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Petwant PF-103 is an automatic pet feeding machine from China Petnant. Petalk AI is an automated pet feeder with monitoring capabilities. A data forgery vulnerability exists in Petalk AI and PF-103. The vulnerability stems from the program using an unencrypted HTTP protocol for firmware updates

Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Petwant PF-103 Firmware and Petalk AI Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Petwant PF-103 is an automatic pet feeding machine from China Petnant. Petalk AI is an automated pet feeder with monitoring capabilities. There is a trust management issue vulnerability in Petwant PF-103 and Petalk AI version 3.2.2.30 using 4.3.2.50 firmware. The vulnerability originates from the program using the default credentials for the TELNET server. A remote attacker could use this vulnerability as the root user. Execute arbitrary system commands

A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. Petwant PF-103 Firmware and Petalk AI Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Petwant PF-103 is an automatic pet feeding machine from China Petnant. Petalk AI is an automated pet feeder with monitoring capabilities. A buffer overflow vulnerability exists in the 'processCommandUploadLog' function of the libcommon.so file in version 4.22.2.42 of Petwant PF-103 and Petalk AI 3.2.2.30. This vulnerability originates from a network system or product performing operations on memory Data boundaries are incorrectly verified, which results in erroneous read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflows or heap overflows

processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Petwant PF-103 Firmware and Petalk AI Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Petwant PF-103 is an automatic pet feeding machine from China Petnant. Petalk AI is an automated pet feeder with monitoring capabilities. The operating system command injection vulnerability exists in the 'processCommandSetUid ()' function of the libcommon.so file in version 4.22.2.42 of Petwant PF-103 and Petalk AI 3.2.2.30

The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Petwant PF-103 Firmware and Petalk AI Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Petwant PF-103 is an automatic pet feeding machine from China Petnant. Petalk AI is an automated pet feeder with monitoring capabilities

processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Petwant PF-103 Firmware and Petalk AI Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Petwant PF-103 is an automatic pet feeding machine from China Petnant. Petalk AI is an automated pet feeder with monitoring capabilities. System commands

IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357. IBM MQ and IBM MQ Appliance Contains an input validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 166357 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. Petwant PF-103 Firmware and Petalk AI Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Petwant PF-103 is an automatic pet feeding machine from China Petnant. Petalk AI is an automated pet feeder with monitoring capabilities. A buffer overflow vulnerability exists in the 'processCommandUploadSnapshot' function of the libcommon.so file in Petwant PF-103 and Petalk AI version 3.2.2.30 using 4.22.2.42 firmware. The vulnerability originates from a network system or product performing operations on memory. Data boundaries are incorrectly verified, which results in erroneous read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflows or heap overflows

The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Petwant PF-103 Firmware and Petalk AI Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Petwant PF-103 is an automatic pet feeding machine from China Petnant. Petalk AI is an automated pet feeder with monitoring capabilities. Any system command

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR AC1200 Smart WiFi Router. User interaction is required to exploit this vulnerability.The specific flaw exists within the handling of admin credentials provided to the mini_httpd endpoint. The issue results from displaying sensitive information in plaintext. An attacker can leverage this vulnerability to disclose sensitive information in the context of the administrator.

In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server. Advantech DiagAnywhere Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of FOLDER_CREATE messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Advantech DiagAnywhere Server is a set of remote monitoring software based on Windows platform from Advantech, Taiwan. This software is mainly used for remote monitoring of Advantech TPC, APAX, UNO and ADAM. Advantech DiagAnywhere Server has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwOpcBs.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator.

In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves. Omron PLC CJ Series and PLC CS The series includes Capture-replay There is a vulnerability related to authentication bypass by.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Omron PLC CJ and CS series is the PLC of Omron