VARIoT IoT vulnerabilities database
| VAR-201909-0563 | CVE-2019-16256 | Privilege management vulnerability in multiple Samsung devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. Multiple Samsung devices contain a privilege management vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). A security vulnerability exists in Samsung devices that include the SIMalliance Toolbox Browser. A remote attacker could exploit this vulnerability to retrieve address and IMEI information, retrieve other data, or execute commands
| VAR-201909-0995 | CVE-2019-13530 | Use of hard-coded credentials vulnerability in Philips IntelliVue WLAN portable patient monitors |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware. The Philips IntelliVue WLAN portable patient monitor contains a vulnerability in the use of hard-coded credentials. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Philips IntelliVue MP monitors MP20-MP90 are all portable patient vital sign monitors from Philips in Europe. A trust management issue vulnerability exists in several Philips products. An attacker could exploit this vulnerability to log in
| VAR-201909-1025 | CVE-2019-14236 | Unauthorized authentication vulnerabilities in multiple STMicroelectronics product devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. Multiple STMicroelectronics product devices contain unauthorized authentication vulnerabilities. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Security vulnerabilities exist in several STMicroelectronics products. An attacker could exploit this vulnerability to bypass Proprietary Code Read Out Protection (PCROP). The following products and versions are affected: STMicroelectronics STM32L0; STM32L1; STM32L4; STM32F4; STM32F7; STM32H7
| VAR-201909-0565 | CVE-2019-16261 | Authentication vulnerability in Tripp Lite PDUMH15AT devices |
CVSS V2: 8.5 CVSS V3: 9.1 Severity: CRITICAL |
Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053. The Tripp Lite PDUMH15AT device contains an authentication vulnerability. Information may be tampered with and service operation may be disrupted (DoS). Tripp Lite PDUMH15AT is a metered PDU (Power Distribution Unit) device from Tripp Lite in the United States. An authorization issue vulnerability exists in Tripp Lite PDUMH15AT version 12.04.0053. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products
| VAR-201909-1026 | CVE-2019-14237 | Unauthorized authentication vulnerabilities in multiple NXP Kinetis product devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution. NXP Kinetis KV1x, KV3x, and K8x devices contain an unauthorized authentication vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). NXP Semiconductors NXP Kinetis KV1x, etc. are all microcontrollers from NXP Semiconductors in the Netherlands. A security vulnerability exists in NXP Semiconductors NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x
| VAR-201909-0564 | CVE-2019-16257 | Privilege management vulnerability in multiple Motorola devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. Multiple Motorola devices contain a privilege management vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). A security vulnerability exists in Motorola devices that include the SIMalliance Toolbox Browser. A remote attacker could exploit this vulnerability to retrieve address and IMEI information, retrieve other data, or execute commands
| VAR-201909-1491 | CVE-2019-11184 | Race condition vulnerability in multiple Intel products |
CVSS V2: 2.3 CVSS V3: 4.8 Severity: MEDIUM |
A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access. Multiple Intel products contain a race condition vulnerability. Information may be obtained. Intel Xeon E5 and others are products of Intel Corporation of the United States. Intel Xeon E5 is a Xeon E5 series central processing unit (CPU). Intel Xeon E7 is a Xeon E7 series central processing unit (CPU). Intel Xeon SP is a scalable central processing unit (CPU) product.
There are security vulnerabilities in Intel Xeon E5, E7, and SP series that support DDIO and RDMA. An attacker could use this vulnerability to leak information
| VAR-201909-0101 | CVE-2019-3638 | Cross-site scripting vulnerability in McAfee Web Gateway |
CVSS V2: 4.3 CVSS V3: 9.6 Severity: CRITICAL |
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. McAfee Web Gateway (MWG) contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The product provides features such as threat protection, application control, and data loss prevention. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code
| VAR-201909-0102 | CVE-2019-3643 | McAfee Web Gateway Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. The product provides features such as threat protection, application control, and data loss prevention. The vulnerability stems from the failure of the network system or product to properly validate the input data
| VAR-201909-0103 | CVE-2019-3644 | McAfee Web Gateway Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. The product provides features such as threat protection, application control, and data loss prevention. An attacker could exploit this vulnerability to cause a denial of service
| VAR-201909-0100 | CVE-2019-3763 | Information disclosure vulnerability in RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance |
CVSS V2: 2.1 CVSS V3: 7.8 Severity: HIGH |
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components
| VAR-201909-0098 | CVE-2019-3760 | SQL injection vulnerability in RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application. The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands
| VAR-201909-0099 | CVE-2019-3761 | Cross-site scripting vulnerability in RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would get executed by the web browser in the context of the vulnerable web application. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code
| VAR-201909-0097 | CVE-2019-3759 | Code injection vulnerability in RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance |
CVSS V2: 5.5 CVSS V3: 8.1 Severity: HIGH |
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing code segments from external input data. Attackers can exploit this vulnerability to generate illegal code segments and modify the expected execution control flow of network systems or components
| VAR-201909-0497 | CVE-2019-1301 | Denial of service (DoS) vulnerability in .NET Core and PowerShell Core |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update
Advisory ID: RHSA-2019:2732-01
Product: .NET Core on Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2732
Issue date: 2019-09-11
CVE Names: CVE-2019-1301
====================================================================
1. Summary:
An update for rh-dotnet21-dotnet and rh-dotnet22-dotnet is now available
for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. It implements a subset of the
.NET framework APIs and several new APIs, and it includes a CLR
implementation.
Security Fix(es):
* dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service
(CVE-2019-1301)
Default inclusions for applications built with .NET Core have been updated
to reference the newest versions and their security fixes.
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1750793 - CVE-2019-1301 dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service
6. Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
rh-dotnet21-2.1-12.el7.src.rpm
rh-dotnet21-dotnet-2.1.509-1.el7.src.rpm
x86_64:
rh-dotnet21-2.1-12.el7.x86_64.rpm
rh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm
rh-dotnet21-runtime-2.1-12.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
rh-dotnet22-2.2-9.el7.src.rpm
rh-dotnet22-dotnet-2.2.109-1.el7.src.rpm
x86_64:
rh-dotnet22-2.2-9.el7.x86_64.rpm
rh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm
rh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm
rh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm
rh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm
rh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm
rh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm
rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm
rh-dotnet22-runtime-2.2-9.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source:
rh-dotnet21-2.1-12.el7.src.rpm
rh-dotnet21-dotnet-2.1.509-1.el7.src.rpm
x86_64:
rh-dotnet21-2.1-12.el7.x86_64.rpm
rh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm
rh-dotnet21-runtime-2.1-12.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source:
rh-dotnet22-2.2-9.el7.src.rpm
rh-dotnet22-dotnet-2.2.109-1.el7.src.rpm
x86_64:
rh-dotnet22-2.2-9.el7.x86_64.rpm
rh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm
rh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm
rh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm
rh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm
rh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm
rh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm
rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm
rh-dotnet22-runtime-2.2-9.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-dotnet21-2.1-12.el7.src.rpm
rh-dotnet21-dotnet-2.1.509-1.el7.src.rpm
x86_64:
rh-dotnet21-2.1-12.el7.x86_64.rpm
rh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm
rh-dotnet21-runtime-2.1-12.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-dotnet22-2.2-9.el7.src.rpm
rh-dotnet22-dotnet-2.2.109-1.el7.src.rpm
x86_64:
rh-dotnet22-2.2-9.el7.x86_64.rpm
rh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm
rh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm
rh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm
rh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm
rh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm
rh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm
rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm
rh-dotnet22-runtime-2.2-9.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-1301
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
| VAR-201909-0864 | CVE-2019-13923 | Siemens IE/WSN-PA Link WirelessHART Gateway Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 9.6 Severity: CRITICAL |
A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. IE/WSN-PA Link WirelessHART Gateway contains a cross-site scripting vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). IE/WSN-PA Link is a gateway that connects a WirelessHART network to Industrial Ethernet. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code
| VAR-201909-1017 | CVE-2019-14457 | Classic buffer overflow vulnerability in VIVOTEK IP Camera device firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header. The VIVOTEK IP Camera device firmware contains a classic buffer overflow vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc
| VAR-201909-1474 | CVE-2019-10256 | VIVOTEK IPCam Authentication vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found. VIVOTEK IPCam contains an authentication vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Vivotek VIVOTEK IPCam is a network camera produced by Taiwan Vivotek Corporation. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products
| VAR-201909-0221 | CVE-2019-3975 | Classic buffer overflow vulnerability in Advantech WebAccess/SCADA |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. Advantech WebAccess/SCADA contains a classic buffer overflow vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer error vulnerability exists in Advantech WebAccess/SCADA version 8.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc
| VAR-201909-1432 | CVE-2019-10937 | Siemens SIMATIC TDC CP51M1 Input validation error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC TDC CP51M1 contains an input validation vulnerability. Service operation may be disrupted (DoS). The Siemens SIMATIC TDC CP51M1 is an industrial Ethernet communication module for the SIMATIC TDC automation system from Siemens AG, Germany. An input validation error vulnerability exists in the Siemens SIMATIC TDC CP51M1 version prior to 1.1.7