VARIoT IoT vulnerabilities database
| VAR-202002-1366 | CVE-2020-8858 | Moxa MGate 5105-MB-EIP operating system command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552. Moxa MGate 5105-MB-EIP For firmware, OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-9552 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. MGate 5105-MB-EIP is an industrial Ethernet gateway that supports MQTT or third-party cloud services (such as Azure and Alibaba Cloud). It can construct Modbus RTU/ASCII/TCP and EtherNet/IP network communications for IIoT applications
| VAR-202002-0451 | CVE-2019-13925 | Siemens SCALANCE S-600 Firewall WEB Server Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. plural SCALANCE The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Siemens SCALANCE S-600 Firewall is an industrial firewall device.
There is a security vulnerability in port 443 of the Siemens SCALANCE S-600 Firewall WEB server, allowing remote attackers to use the vulnerability to submit special requests for denial of service attacks
| VAR-202002-0334 | CVE-2019-20046 | Synergy Systems & Solutions HUSKY RTU 6049-E70 Authentication error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or execute arbitrary code. This is a different issue than CVE-2019-16879 and CVE-2019-20045. This vulnerability is CVE-2019-16879 , CVE-2019-20045 Is a different vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202002-0371 | CVE-2019-6195 | Lenovo XClarity Controller Vulnerability related to authority management in |
CVSS V2: 2.1 CVSS V3: 4.8 Severity: MEDIUM |
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC. Lenovo XClarity Controller (XCC) Exists in a privilege management vulnerability.Information may be obtained. It is mainly used to standardize and automate basic server management tasks.
Vulnerabilities in the permissions and access control issues exist in Lenovo XCC versions prior to 3.08 CDI340V, versions prior to 3.01 TEI392O, and versions prior to 1.71 PSI328N. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. No detailed vulnerability details are provided at this time
| VAR-202003-0762 | CVE-2019-19279 | SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families Denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens. SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families are automation functions that provide integrated protection, control, measurement and substation and other applications.
SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families have a denial of service vulnerability
| VAR-202002-0452 | CVE-2019-13926 | plural SCALANCE Product exhaustion vulnerabilities |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device. plural SCALANCE The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks.
A denial of service vulnerability exists in the SIEMENS SCALAN CES-600 family
| VAR-202002-0449 | CVE-2019-13946 | Resource exhaustion vulnerabilities in multiple Siemens products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit
internal resource allocation when multiple legitimate diagnostic package
requests are sent to the DCE-RPC interface.
This could lead to a denial of service condition due to lack of memory
for devices that include a vulnerable version of the stack.
The security vulnerability could be exploited by an attacker with network
access to an affected device. Successful exploitation requires no system
privileges and no user interaction. An attacker could use the vulnerability
to compromise the availability of the device. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Both Siemens SCALANCE X-200IRT and SCALANCE XB-200 are products of the German company Siemens. SCALANCE X-200IRT is an industrial Ethernet switch. SCALANCE XB-200 is a managed industrial Ethernet switch. The vulnerability stems from the program's failure to limit the allocation of memory resources. A remote attacker can use the vulnerability by sending a specially crafted package to cause a denial of service. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SINAMICS DCP (All Versions < V1.3), SOFTNET-IE PNIO (All versions)
| VAR-202002-0448 | CVE-2019-13940 | plural SIMATIC CPU Resource exhaustion vulnerabilities in family products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server
by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp.
Beyond the web service, no other functions or interfaces are affected by the denial of service condition. plural SIMATIC CPU Family products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Siemens SIMATIC S7-300 CPUs, etc. are products of the German Siemens (Siemens) company. SIMATIC S7-300 CPUs is a CPU (Central Processing Unit) module. Siemens SIMATIC S7-1200 is a S7-1200 series PLC (programmable logic controller). Siemens SIMATIC S7-400 is a programmable logic controller product used in the field of manufacturing and process automation.
There are resource management error vulnerabilities in many Siemens products
| VAR-202002-1475 | CVE-2019-13941 | OZW672 and OZW772 Vulnerability in externally accessible files or directories in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. OZW672 and OZW772 Contains vulnerabilities in externally accessible files or directories.Information may be obtained. Siemens OZW672 and OZW772 are the building controller products of Germany's Siemens
| VAR-202003-0596 | CVE-2019-6585 | SIEMENS SCALAN CES-600 family Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. plural SCALANCE The product contains a cross-site scripting vulnerability.Information may be obtained and tampered with. SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks.
A cross-site scripting vulnerability exists in the SIEMENS SCALAN CES-600 family. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it
| VAR-202002-1348 | CVE-2020-8839 | CHIYU BF-430 Cross-site scripting vulnerabilities in converter devices |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field. CHIYU BF-430 A cross-site scripting vulnerability exists in converter devices.Information may be obtained and tampered with. CHIYU BF-430 is a networked server that provides communication for access control, time and attendance systems and other equipment of Taiwan's Taiwan Seven Friends Technology (CHIYU) Company. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code
| VAR-202002-0450 | CVE-2019-13924 | plural SCALANCE Vulnerability in improper restrictions on rendered user interface layers or frames in the product |
CVSS V2: 4.3 CVSS V3: 5.4 Severity: MEDIUM |
A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface. plural SCALANCE The product contains a vulnerability regarding improper restrictions on rendered user interface layers or frames.Information may be obtained and tampered with. Siemens Scalance X-200, etc. are all industrial-grade Ethernet switches from the German company Siemens.
Input validation error vulnerabilities exist in many Siemens products, and attackers can use this vulnerability to hijack the click operations of other users
| VAR-202003-0763 | CVE-2019-19281 | SIMATIC S7-1500 CPU family Resource consumption vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the device availability. The SIEMENS SIMATIC S7-1500 CPU family is designed for discrete and continuous control in industrial environments such as manufacturing, the global food and beverage, and chemical industries
| VAR-202003-0764 | CVE-2019-19282 | Input validation vulnerabilities in multiple Siemens products |
CVSS V2: 7.1 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.
Successful exploitation requires no system privileges and no user interaction. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) It may be put into a state. Both Siemens SIMATIC PCS 7 and SIMATIC WinCC are products of the German company Siemens. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is a set of automated data acquisition and monitoring (SCADA) system. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected:
| VAR-202002-0383 | CVE-2019-14598 | Intel(R) CSME Authentication vulnerabilities in |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. Intel(R) CSME There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state.
Intel CSME has a security vulnerability. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation of the United States.
An authorization issue vulnerability exists in Intel CSME due to incorrect authentication in the subsystem. The following products and versions are affected: Intel CSME version 12.0 to 12.0.48, versions prior to 12.0.56 (IOT), versions 13.0 to 13.0.20, and versions 14.0 to 14.0.10
| VAR-202002-0372 | CVE-2019-6190 | plural Lenovo Product initialization vulnerabilities |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled. Lenovo Desktop , Desktop - All in One , ThinkStation There is an initialization vulnerability in.Service operation interruption (DoS) It may be put into a state
| VAR-202003-0930 | CVE-2019-15708 | plural FortiAP In the product OS Command injection vulnerabilities |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. plural FortiAP The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An operating system command injection vulnerability exists in Fortinet FortiAP. The following products and versions are affected: FortiAP-S/W2 versions prior to 6.2.2, versions prior to 6.0.6; FortiAP versions prior to 6.0.5; FortiAP-U versions prior to 6.0.0
| VAR-202002-0191 | CVE-2020-0563 | Intel(R) MPSS Vulnerability related to authority management in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) MPSS Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. A security vulnerability exists in the installer of Intel Manycore Platform Software Stack versions prior to 3.8.6. A local attacker could exploit this vulnerability to elevate privileges
| VAR-202002-0188 | CVE-2020-0560 | Intel(R) Renesas Electronics(R) USB 3.0 Driver Vulnerability regarding improper default permissions in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Renesas Electronics(R) USB 3.0 Driver There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. A security vulnerability exists in the installer in the Intel Renesas Electronics USB 3.0 Driver. An attacker could exploit this vulnerability to elevate privileges
| VAR-202002-0474 | CVE-2019-19668 | Rumpus FTP Web File Manager File Types Component Cross-Site Request Forgery Vulnerability |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. Rumpus FTP Contains a cross-site request forgery vulnerability.Information may be altered. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client