VARIoT IoT vulnerabilities database

A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu.

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowly-privileged remote attacker to escalate their privileges. Siemens' SCALANCE LPE9403 The firmware contains a vulnerability related to improper checking of deleted privileges.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing of Siemens, Germany. It is used to capture, collect and pre-process industrial field data. Siemens SCALANCE LPE9403 has a privilege escalation vulnerability. Attackers can exploit this vulnerability to elevate privileges

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files. Siemens' SCALANCE LPE9403 A path traversal vulnerability exists in firmware.Information may be obtained and information may be tampered with. Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens, Germany. It is used to capture, collect and pre-process industrial field data

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device. Siemens' SCALANCE LPE9403 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens, Germany. It is used to capture, collect and pre-process industrial field data. SCALANCE LPE9403 (6GK5998-3GS00-2AC2) has an operating system command injection vulnerability

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device. Siemens' SCALANCE LPE9403 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens, Germany. It is used to capture, collect and pre-process industrial field data

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the scope of files accessible to the simulation model. This could allow an unauthorized attacker to compromise the confidentiality of the system

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality. This could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files. Siemens' Tecnomatix Plant Simulation Exists in a vulnerability in externally accessible files or directories.Information is tampered with and service operation is interrupted (DoS) It may be in a state

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. The software simplifies engineering and manufacturing processes by creating virtual prototypes from a variety of mechanical computer-aided design (MCAD) formats. Siemens Tecnomatix Plant Simulation is an industrial control device. Use the power of discrete event simulation to analyze and optimize production volume, thereby improving manufacturing system performance

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. The software simplifies engineering and manufacturing processes by creating virtual prototypes from a variety of mechanical computer-aided design (MCAD) formats. Siemens Tecnomatix Plant Simulation is an industrial control device. Use the power of discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. The software simplifies engineering and manufacturing processes by creating virtual prototypes from a variety of mechanical computer-aided design (MCAD) formats. Siemens Tecnomatix Plant Simulation is an industrial control device. Use the functions of discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. The software simplifies engineering and manufacturing processes by creating virtual prototypes from a variety of mechanical computer-aided design (MCAD) formats. Siemens Tecnomatix Plant Simulation is an industrial control device. Use the power of discrete event simulation to analyze and optimize production volume, thereby improving manufacturing system performance

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615. Samsung's SmartThings Exists in a digital signature verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel Watch is a durable smartwatch from Google. There is a buffer overflow vulnerability in Google Pixel Watch. The vulnerability is caused by the lack of boundary check in wl_notify_gscan_event of wl_cfgscan.c

In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android contains an improper permissions retention vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel Watch is a durable smartwatch from Google

In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Google Pixel is a smartphone from Google, an American company