VARIoT IoT vulnerabilities database
| VAR-202001-0122 | CVE-2020-0602 | ASP.NET Core Denial of service in Japan (DoS) Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. "Denial of service (DoS) May be in a state. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from the software's incorrect handling of web requests. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update
Advisory ID: RHSA-2020:0134-01
Product: .NET Core on Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0134
Issue date: 2020-01-16
CVE Names: CVE-2020-0602 CVE-2020-0603
====================================================================
1. Summary:
An update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available
for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
.NET Core is a managed-software framework. It implements a subset of the
.NET framework APIs and several new APIs, and it includes a CLR
implementation. The updated versions are .NET Core SDK 3.0.102, .NET Core
Runtime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1.
Security Fixes:
* dotnet: Memory Corruption in SignalR (CVE-2020-0603)
* dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602)
Users must rebuild their applications to pick up the fixes.
Default inclusions for applications built with .NET Core have been updated
to reference the newest versions and their security fixes.
For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
pages listed in the References section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1787151 - Update .NET Core 3.0 to Runtime 3.0.2 and SDK 3.0.102
1787174 - Update .NET Core 3.1 to Runtime 3.1.1 and SDK 3.1.101
1789623 - CVE-2020-0602 dotnet: Denial of service via backpressure issue
1789624 - CVE-2020-0603 dotnet: Memory Corruption in SignalR
6. Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm
x86_64:
rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm
x86_64:
rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source:
rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm
x86_64:
rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source:
rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm
x86_64:
rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm
x86_64:
rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm
x86_64:
rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-0602
https://access.redhat.com/security/cve/CVE-2020-0603
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXiCQQ9zjgjWX9erEAQiA5g//U9AGfQhzgzrIja7zNdstcP61hqUbWM+j
F2E4FpcJCJgjV3uDli4HsH6sIuzuKV5pVLhvNdbrAMSDJgOaWNJ+Otvmve0yPvY6
KjhAPMQnBjsJE5eUia6ZEIzhvjcHVwVbHQJrqIwLjvBrwHeo6fVWd/IHentdmM+3
FIh6uqClbh434gyq4Oi2MpTJ6G6z0+/siaA/tq4qubWJCtEWLfEXXhWsUL4ye59B
edz+0qB0MYi2ZpgJtk0A8RRxtwcVN6KD+SnV2g25XjqwDNBhAfO3AlB1x0Mzo7HQ
2tcWLTpJPtYm8sZFZLOKAGm1hvTJhFnu4Vc5oL7b6paJYsU2Ud9URbakwiiiwzV+
XXLdMmvL63JVeP+cFWkqgI/UR8sdbaXrKFjJcnxNiUklPrrUIx3rq/E1yzCgqwMI
M3RakcXDqCsaojoOAy/AMkPH1J2r8vyz08JTLC6Ik54m4Dz7/wGILwuVKXLuR1bM
L6oLLZNrc5oxK4VM7Zb0IHaAeK/cOvxQWhglOPkDV4Got721TputjBeIEj8xiHc1
2s5zmndzaUfXm+PoqnFsfGggRErFLXaqwSpRWT2vn2MOXbrEbpPjmJs55tLXABhw
8DI+gmgFRHhE6A4yqvJMzaJGZCsCtUWWXowQEhiCNaymG9Kgx4BkRLNj2Mc15mOK
EuYGFNW4Ux4\xadZz
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-202001-1698 | CVE-2020-5852 | plural BIG-IP Product vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2. plural BIG-IP The product contains unspecified vulnerabilities.Service operation interruption (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. Security vulnerability exists in F5 BIG-IP Hotfix-BIGIP-14.1.2.1.0.83.4-ENG, Hotfix-BIGIP-12.1.4.1.0.97.6-ENG and Hotfix-BIGIP-11.5.4.2.74.291-HF2 . An attacker could exploit this vulnerability to cause traffic processing to terminate
| VAR-202001-1994 | No CVE | ZTE ZXR10 1800-2S has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
ZXR10 1800-2S is a router product of ZTE Corporation of China.
ZTE ZXR10 1800-2S has a denial of service vulnerability. Attackers can use vulnerabilities to cause denial of service attacks.
| VAR-202001-1996 | No CVE | ZTE ZXR10 1800-2S has unauthorized access vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
ZXR10 1800-2S is a router product of ZTE Corporation of China.
ZTE ZXR10 1800-2S has an unauthorized access vulnerability. Attackers can use vulnerabilities to bypass permissions and reset router configuration files.
| VAR-202001-1998 | No CVE | ZTE ZXR10 1800-2S has an information disclosure vulnerability |
CVSS V2: 2.7 CVSS V3: - Severity: LOW |
ZXR10 1800-2S is a router product of ZTE Corporation of China.
ZTE ZXR10 1800-2S has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
| VAR-202001-1486 | CVE-2019-10940 | SIEMENS SINEMA Server Incorrect Session Authentication Vulnerability |
CVSS V2: 9.0 CVSS V3: 9.9 Severity: CRITICAL |
A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known. SINEMA Server Contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SINEMA Server is the network management software designed by Siemens for Industrial Ethernet. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
| VAR-202001-0651 | CVE-2019-13933 | SIEMENS SCALANCE X witches Series Authentication Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: 8.6 Severity: HIGH |
A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE X-200RNA and SCALANCE X-300 The switch family is vulnerable to a lack of authentication for critical functions.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SCALANCE X witches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs).
The SIEMENS SCALANCE X witches series has an authentication bypass vulnerability. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
| VAR-202001-0600 | CVE-2019-18244 | OSIsoft PI Vision Vulnerabilities in information disclosure from log files |
CVSS V2: 1.9 CVSS V3: 4.7 Severity: MEDIUM |
In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision. The update fixes a previously reported issue. OSIsoft PI Vision Contains an information disclosure vulnerability in log files.Information may be obtained. OSIsoft PI Vision is a set of commercialized software application platform based on Ckient / Server structure of OSIsoft Company in the United States, which supports data collection, analysis and visualization
| VAR-202001-0593 | CVE-2019-18275 | OSIsoft PI Vision Vulnerable to unauthorized authentication |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to an improper access control, which may return unauthorized tag data when viewing analysis data reference attributes. OSIsoft PI Vision Contains an incorrect authentication vulnerability.Information may be obtained. OSIsoft PI Vision is a set of commercialized software application platform based on Ckient / Server structure of OSIsoft Company in the United States, which supports data collection, analysis and visualization
| VAR-202001-0124 | CVE-2020-0605 | .NET Framework and .NET Core Vulnerable to remote code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606
| VAR-202001-0591 | CVE-2019-18271 | OSIsoft PI Vision Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forgery that may be introduced on the PI Vision administration site. OSIsoft PI Vision is a set of commercialized software application platform based on Ckient / Server structure of OSIsoft Company in the United States, which supports data collection, analysis and visualization
| VAR-202001-0592 | CVE-2019-18273 | OSIsoft PI Vision Cross-Site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The affected product is vulnerable to cross-site scripting, which may allow invalid input to be introduced. OSIsoft PI Vision Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. OSIsoft PI Vision is a set of commercialized software application platform based on Ckient / Server structure of OSIsoft Company in the United States, which supports data collection, analysis and visualization
| VAR-202001-1850 | CVE-2019-19278 | SIEMENS SINAMICS PERFECT HARMONY GH180 Access control vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-.... MLFB 6SR4...-.....-.... MLFB 6SR5...-.....-.... With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325.-.....-.... (High Availability) (All versions). The affected device contains a vulnerability that could allow an unauthenticated attacker to restore the affected device to a point where predefined application and operating system protection mechanisms are not in place. Successful exploitation requires physical access to the system, but no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentialiy, integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SINAMICS PERFECT HARMONY GH180 The device contains an input validation vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The SINAMICS Perfect Harmony GH180 medium voltage inverter series is used to control medium voltage inverters or inverters in various applications. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
| VAR-202001-0751 | CVE-2019-13524 | plural GE PACSystems RX3i Input validation vulnerabilities in products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode. plural GE PACSystems RX3i The product contains an input validation vulnerability.Denial of service (DoS) May be in a state. GE PACSystems is a programmable automation controller product from GE
| VAR-202001-0420 | CVE-2019-3981 | MikroTik Winbox Input validation vulnerability |
CVSS V2: 4.3 CVSS V3: 3.7 Severity: LOW |
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password. MikroTik Winbox Contains an input validation vulnerability.Information may be obtained. A security vulnerability exists in MikroTik Winbox 3.20 and earlier versions
| VAR-202001-0125 | CVE-2020-0606 | .NET Framework and .NET Core Vulnerable to remote code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605
| VAR-202006-0667 | CVE-2019-6196 | plural Lenovo installation Unreliable search path vulnerabilities in packages |
CVSS V2: 6.9 CVSS V3: 7.3 Severity: HIGH |
A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation. plural Lenovo installation The package contains a vulnerability in an unreliable search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. There is a code problem vulnerability in the Lenovo installation package before 1.2.9.3. A local attacker could exploit this vulnerability via a specially crafted symbolic link to gain elevated privileges
| VAR-202006-0601 | CVE-2019-6173 | plural Lenovo installation Unreliable search path vulnerabilities in packages |
CVSS V2: 6.9 CVSS V3: 6.5 Severity: MEDIUM |
A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges. plural Lenovo installation The package contains a vulnerability in an unreliable search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. There is a code problem vulnerability in the Lenovo installation package before 1.2.9.3. An attacker could exploit this vulnerability to elevate privileges
| VAR-202001-1699 | CVE-2020-5853 | BIG-IP APM portal access Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict. BIG-IP APM portal access Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. F5 BIG-IP APM is a set of access and security solutions from F5 Corporation of the United States. The product provides unified access to business-critical applications and networks. A cross-site scripting vulnerability exists in F5 BIG-IP APM. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. The following products and versions are affected: F5 BIG-IP APM 15.0.0 to 15.1.0, 14.0.0 to 14.1.2, 13.1.0 to 13.1.3, 12.1.0 to 12.1. 5 version, 11.5.2 version to 11.6.5 version
| VAR-202001-0503 | CVE-2019-16153 | Fortinet FortiSIEM Vulnerable to use of hard-coded credentials |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. Fortinet FortiSIEM Contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state