VARIoT IoT vulnerabilities database

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. An attacker who logs in to the board may send crafted messages from the internal network. plural Huawei The product contains a classic buffer overflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. This vulnerability CVE-2019-18323 , CVE-2019-18324 , CVE-2019-18325 , CVE-2019-18326 , CVE-2019-18327 , CVE-2019-18328 , CVE-2019-18329 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. Siemens SPPA-T3000 has a heap buffer overflow vulnerability

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 Application Server Contains an information disclosure vulnerability.Information may be obtained. SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. Siemens SPPA-T3000 has an information disclosure vulnerability

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. This vulnerability CVE-2019-18323 , CVE-2019-18324 , CVE-2019-18325 , CVE-2019-18326 , CVE-2019-18328 , CVE-2019-18329 , CVE-2019-18330 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. Siemens SPPA-T3000 has a heap buffer overflow vulnerability

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 Application Server Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. There is a security vulnerability in the Siemens SPPA-T3000. An attacker could use the vulnerability to execute arbitrary code

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. Symantec Messaging Gateway Contains a server-side request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is a set of spam filters of Symantec Corporation of the United States. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. A code issue vulnerability exists in Symantec Messaging Gateway prior to 10.7.3

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Messaging Gateway Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is a set of spam filters of Symantec Corporation of the United States. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. A security vulnerability exists in Symantec Messaging Gateway prior to 10.7.3. A remote attacker could exploit this vulnerability to elevate privileges

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A malicious application may be able to access restricted files. macOS Exists in a logic vulnerability due to a flaw in the processing of restrictions.Restricted files can be accessed through malicious applications. A security vulnerability exists in the ATS component of Apple macOS Catalina versions prior to 10.15.2. An attacker could exploit this vulnerability to execute arbitrary code with system privileges. Apple macOS could allow a remote malicious user to execute arbitrary code on the system, caused by a memory corruption flaw in the ATS component

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges. Kernel components in several Apple products have security vulnerabilities. The following products and versions are affected: Apple macOS Catalina before 10.15.2; iOS before 13.3; iPadOS before 13.3; watchOS before 6.1.1; tvOS before 13.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3 iOS 13.3 and iPadOS 13.3 is now available and addresses the following: CallKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans Description: An API issue existed in the handling of outgoing phone calls initiated with Siri. CVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL CFNetwork Proxies Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team FaceTime Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8830: Natalie Silvanovich of Google Project Zero IOSurfaceAccelerator Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2019-8841: Corellium IOUSBDeviceFamily Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8833: Ian Beer of Google Project Zero Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8828: Cim Stordal of Cognite CVE-2019-8838: Dr Silvio Cesare of InfoSect libexpat Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: This issue was addressed by updating to expat version 2.2.8. CVE-2019-15903: Joonun Jang Photos Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel Description: The issue was addressed with improved validation when an iCloud Link is created. CVE-2019-8857: Tor Bruce Security Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8832: Insu Yun of SSLab at Georgia Tech WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8835: Anonymous working with Trend Micro's Zero Day Initiative, Mike Zhang of Pangu Team CVE-2019-8844: William Bowling (@wcbowling) WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8846: Marcin Towalski of Cisco Talos Additional recognition Accounts We would like to acknowledge Kishan Bagaria (KishanBagaria.com <http://kishanbagaria.com/>) and Tom Snelling of Loughborough University for their assistance. Core Data We would like to acknowledge Natalie Silvanovich of Google Project Zero for their assistance. Settings We would like to acknowledge an anonymous researcher for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ <https://www.apple.com/itunes/> iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 13.3 and iPadOS 13.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 <https://support.apple.com/kb/HT201222> This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ <https://www.apple.com/support/security/pgp/> -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFpoACgkQBz4uGe3y 0M18fQ//WhVI4LKBRFvq8A5p7T8wwMklItFubvFzcxAec3ZHIYAXTTLpvZWNKCrc wvqlPkNBs1onvaq6LPddeL9uMWgBB0iiks6HX5oRrHuvutiRGC1n8VzJCgW8BWwI 7CNFNBXl4iBflupZlCnSdbwbDkJSyNN+DvouxzfXMqbpdnjV1NVNtlM/WrdFnVgU vqAnxY7FEFrwgyU/zAbfyo5S4qJ2fRC9MPiO3Tiq+abVEcprQ4wSmKJUtgvgudOX witjbU8I9eKz2H5jq555gkq4yZVHjg7vDhj1Ln1Zm2bO2PM5A6dsXsSCwzIYaqvF /wbrOuVbw1f1F4mD8Oq7IFHXsoWysUnOPEApeKE7L0XvH7CmCDccd7k9txOIRWRt 2rj+8YqGvo1fXKnIULVgtltbnxMKhZJO6ISZnTQ+3CnNfWEgXx+dNVDBB1HIGooJ JkpldVmjNXBts/DV0FEZXbYLVWCk90D0sSeMTE64v9U6v690JVGoXHynhYhui4IX gSbbcvwslD8MLHyK1E29t7X3XdIGVuzcq+OJ7oFn7T1lX14UflvKRNkEDDfc4Tsj lllrvrU084mWQaryldWIGzDNDT7O4RDsTCKzEPYSqXm3mxP13jZj1sDv1f1/2FdQ GmjCFIvlnYZeHB2mbStt3T9LXe7tuaF1TIYnG103h/SQEmwfiOk= =m//a -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About"

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. IOUSBDeviceFamily is one of the components used to support device-host communication via USB. A security vulnerability exists in the IOUSBDeviceFamily component in several Apple products. The following products and versions are affected: Apple watchOS earlier than 6.1.1; tvOS earlier than 13.3; iOS earlier than 13.3; iPadOS earlier than 13.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3 iOS 13.3 and iPadOS 13.3 is now available and addresses the following: CallKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans Description: An API issue existed in the handling of outgoing phone calls initiated with Siri. CVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL CFNetwork Proxies Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team FaceTime Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8830: Natalie Silvanovich of Google Project Zero IOSurfaceAccelerator Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2019-8841: Corellium IOUSBDeviceFamily Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8833: Ian Beer of Google Project Zero Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8828: Cim Stordal of Cognite CVE-2019-8838: Dr Silvio Cesare of InfoSect libexpat Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: This issue was addressed by updating to expat version 2.2.8. CVE-2019-15903: Joonun Jang Photos Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel Description: The issue was addressed with improved validation when an iCloud Link is created. CVE-2019-8857: Tor Bruce Security Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8832: Insu Yun of SSLab at Georgia Tech WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8835: Anonymous working with Trend Micro's Zero Day Initiative, Mike Zhang of Pangu Team CVE-2019-8844: William Bowling (@wcbowling) WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8846: Marcin Towalski of Cisco Talos Additional recognition Accounts We would like to acknowledge Kishan Bagaria (KishanBagaria.com <http://kishanbagaria.com/>) and Tom Snelling of Loughborough University for their assistance. Core Data We would like to acknowledge Natalie Silvanovich of Google Project Zero for their assistance. Settings We would like to acknowledge an anonymous researcher for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ <https://www.apple.com/itunes/> iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 13.3 and iPadOS 13.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 <https://support.apple.com/kb/HT201222> This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ <https://www.apple.com/support/security/pgp/> -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFpoACgkQBz4uGe3y 0M18fQ//WhVI4LKBRFvq8A5p7T8wwMklItFubvFzcxAec3ZHIYAXTTLpvZWNKCrc wvqlPkNBs1onvaq6LPddeL9uMWgBB0iiks6HX5oRrHuvutiRGC1n8VzJCgW8BWwI 7CNFNBXl4iBflupZlCnSdbwbDkJSyNN+DvouxzfXMqbpdnjV1NVNtlM/WrdFnVgU vqAnxY7FEFrwgyU/zAbfyo5S4qJ2fRC9MPiO3Tiq+abVEcprQ4wSmKJUtgvgudOX witjbU8I9eKz2H5jq555gkq4yZVHjg7vDhj1Ln1Zm2bO2PM5A6dsXsSCwzIYaqvF /wbrOuVbw1f1F4mD8Oq7IFHXsoWysUnOPEApeKE7L0XvH7CmCDccd7k9txOIRWRt 2rj+8YqGvo1fXKnIULVgtltbnxMKhZJO6ISZnTQ+3CnNfWEgXx+dNVDBB1HIGooJ JkpldVmjNXBts/DV0FEZXbYLVWCk90D0sSeMTE64v9U6v690JVGoXHynhYhui4IX gSbbcvwslD8MLHyK1E29t7X3XdIGVuzcq+OJ7oFn7T1lX14UflvKRNkEDDfc4Tsj lllrvrU084mWQaryldWIGzDNDT7O4RDsTCKzEPYSqXm3mxP13jZj1sDv1f1/2FdQ GmjCFIvlnYZeHB2mbStt3T9LXe7tuaF1TIYnG103h/SQEmwfiOk= =m//a -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About"

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers. Schneider Electric EcoStruxure Control Expert (formerly known as Unity Pro) and Unity Pro are products of the French company Schneider Electric. Schneider Electric EcoStruxure Control Expert is a set of programming software for Schneider Electric logic controller products. Unity Pro is a set of universal programming, debugging and operating software for the Modicon Premium, Atrium and Quantum PLC series. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a network system or product. No detailed vulnerability details are provided at this time

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP. plural Modicon The product contains an exceptional condition checking vulnerability.Denial of service (DoS) May be in a state. Schneider Electric Modicon M580 and other products are from Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Several Schneider Electric products have code issue vulnerabilities that originate from programs that do not properly check for abnormal conditions. An attacker could use this vulnerability to cause a denial of service

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. XHQ Contains an input validation vulnerability.Information may be obtained and information may be altered. Siemens XHQ production and operation intelligence is Siemens Energy's flagship solution, which is widely deployed in the world's largest oil and gas and chemical companies

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known. plural EN100 Ethernet The module contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP. plural Modicon The product contains an exceptional condition checking vulnerability.Denial of service (DoS) May be in a state. Schneider Electric Modicon M580 and other products are from Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Several Schneider Electric products have code issue vulnerabilities that originate from programs that do not properly check for abnormal conditions. An attacker could use this vulnerability to cause a denial of service

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. XHQ Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Siemens XHQ production and operation intelligence is Siemens Energy's flagship solution, which is widely deployed in the world's largest oil and gas and chemical companies

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017. ClearSCADA Contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Schneider Electric EcoStruxure Geo SCADA Expert (EcoStruxure Geo SCADA Expert) is a set of data acquisition and monitoring software (SCADA) from Schneider Electric (France). The folders in Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA) are vulnerable to permission permissions and access control issues. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. No detailed vulnerability details are provided at this time. Attackers can exploit this vulnerability to delete or modify database, configuration and certificate files

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known. plural EN100 Ethernet The module contains a path traversal vulnerability.Information may be obtained

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security. vulnerability was known. plural EN100 Ethernet The module contains a cross-site scripting vulnerability.Information may be obtained and information may be altered

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext. SiNVR 3 Central Control Server (CCS) and Video Server Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutsch land gmmbH and previously distributed by Schille Informationssysteme gmmbH