VARIoT IoT vulnerabilities database
| VAR-201910-1746 | No CVE | Mitsubishi FX5U series PLC Denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The Mitsubishi FX5U series PLC is the latest generation of Mitsubishi small programmable controllers. A denial of service vulnerability exists in the Mitsubishi FX5U series PLC. Attackers can cause devices to fail by sending specially crafted packets (the device cannot be started normally through GX Works and can only be recovered by cutting hardware power).
| VAR-201910-1739 | No CVE | Siemens SIMATIC WinCC ReportRenderer.dll Control has an overflow vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Siemens SIMATIC is an automation software with a single engineering environment. WinCC supports the discovery and configuration of LAN device information using the PN-DCP protocol at the Ethernet layer.
An overflow vulnerability exists in the Siemens SIMATIC WinCC ReportRenderer.dll control. An attacker can cause an overflow by constructing a very large integer.
| VAR-201910-1744 | No CVE | Siemens SIMATIC WinCC CCScriptConv.dll Control has a stack overflow vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Siemens SIMATIC is an automation software with a single engineering environment. WinCC supports the discovery and configuration of LAN device information using the PN-DCP protocol at the Ethernet layer.
A stack overflow vulnerability exists in the Siemens SIMATIC WinCC CCScriptConv.dll control. An attacker can execute arbitrary code by constructing parameters.
| VAR-201910-1749 | No CVE | Integer overflow vulnerability in sacommoncontrols.dll control of Siemens SIMATIC STEP 7 |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers from Siemens (Germany). The software provides PLC programming, design option packages and advanced driver technology.
An integer overflow vulnerability exists in the sacommoncontrols.dll control of Siemens SIMATIC STEP 7. An attacker could exploit the vulnerability to cause an integer overflow.
| VAR-201910-1742 | No CVE | S7HTREEX.OCX control of Siemens SIMATIC STEP 7 has an out-of-bounds access vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers from Siemens (Germany). The software provides PLC programming, design option packages and advanced driver technology.
The S7HTREEX.OCX control of Siemens SIMATIC STEP 7 has an out-of-bounds access vulnerability. An attacker could exploit the vulnerability to cause out-of-bounds access.
| VAR-201910-1745 | No CVE | Stack overflow vulnerability in Siemens SIMATIC WinCC CCDiagnosis.dll control |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Siemens SIMATIC is an automation software with a single engineering environment. WinCC supports the discovery and configuration of LAN device information using the PN-DCP protocol at the Ethernet layer.
A stack overflow vulnerability exists in the Siemens SIMATIC WinCC CCDiagnosis.dll control. An attacker can execute arbitrary code by constructing parameters.
| VAR-201910-1743 | No CVE | Siemens SIMATIC WinCC CCRedCodiAlarm Control has null pointer vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Siemens SIMATIC is an automation software with a single engineering environment. WinCC supports the discovery and configuration of LAN device information using the PN-DCP protocol at the Ethernet layer.
There is a null pointer vulnerability in the Siemens SIMATIC WinCC CCRedCodiAlarm control. An attacker could exploit the vulnerability to cause a denial of service.
| VAR-201910-1748 | No CVE | Stack overflow vulnerability in Siemens SIMATIC WinCC CcApEditAction.dll control |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Siemens SIMATIC is an automation software with a single engineering environment. WinCC supports the discovery and configuration of LAN device information using the PN-DCP protocol at the Ethernet layer.
A stack overflow vulnerability exists in the Siemens SIMATIC WinCC CcApEditAction.dll control. An attacker can cause a stack overflow by constructing an input string, and thereby execute arbitrary code.
| VAR-201910-1738 | No CVE | Integer overflow vulnerability in S7hcom_x.dll control of Siemens SIMATIC STEP 7 |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers from Siemens (Germany). The software provides PLC programming, design option packages and advanced driver technology.
An integer overflow vulnerability exists in the S7hcom_x.dll control of Siemens SIMATIC STEP 7. An attacker could exploit the vulnerability to cause an integer overflow.
| VAR-201910-1741 | No CVE | Arbitrary file writing vulnerability in Siemens SIMATIC WinCC PdlComponents.dll control |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Siemens SIMATIC is an automation software with a single engineering environment. WinCC supports the discovery and configuration of LAN device information using the PN-DCP protocol at the Ethernet layer.
An arbitrary file writing vulnerability exists in the Siemens SIMATIC WinCC PdlComponents.dll control. An attacker can call this function to write to any file on the computer, including creating a malicious program.
| VAR-201910-1860 | No CVE | Arbitrary password reset vulnerability in the front desk of the laboratory management system of Hunan Santang Information Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hunan Santang Information Technology Co., Ltd. builds an "Internet of Things" type integrated IT operation and maintenance platform, with its IT operation and maintenance integration platform and IT operation and maintenance service sharing platform at the core, supplemented by business systems for university smart laboratories and custom IT development. The platform helps users to visualize and unify the operation and maintenance management of IT assets.
An arbitrary password reset vulnerability exists in the front desk of the laboratory management system of Hunan Santang Information Technology Co., Ltd. An attacker can use the vulnerability to reset the administrator account password.
| VAR-201910-1857 | No CVE | SQL injection vulnerability exists in the front desk of the laboratory management system of Hunan Santang Information Technology Co., Ltd. |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Hunan Santang Information Technology Co., Ltd. builds an "Internet of Things" type integrated IT operation and maintenance platform, with its IT operation and maintenance integration platform and IT operation and maintenance service sharing platform at the core, supplemented by business systems for university smart laboratories and custom IT development. The platform helps users to visualize and unify the operation and maintenance management of IT assets.
A SQL injection vulnerability exists in the front desk of the laboratory management system of Hunan Santang Information Technology Co., Ltd. An attacker can use the vulnerability to obtain database information.
| VAR-201910-0880 | CVE-2019-18203 | RICOH MP 501 Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameters to /web/entry/en/address/adrsSetUserWizard.cgi. The RICOH MP 501 printer contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The RICOH MP 501 is a printer from the Japanese company RICOH. The vulnerability stems from the lack of proper verification of client data by the web application. Attackers can use this vulnerability to execute client-side code.
| VAR-202001-0772 | CVE-2019-15712 | FortiMail admin Vulnerabilities related to lack of authentication |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access a web console they should not be authorized for. FortiMail admin is vulnerable to a lack of authentication. Information may be obtained or altered, and a denial of service (DoS) condition may result. Fortinet FortiMail is a suite of e-mail security gateway products from Fortinet. The product provides features such as email security and data protection. Fortinet FortiMail version 6.2.0, versions 6.0.0 to 6.0.6, and versions 5.4.10 and earlier have security vulnerabilities.
| VAR-202001-0771 | CVE-2019-15707 | FortiMail admin Vulnerable to unauthorized authentication |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform a system backup config download they should not be authorized for. FortiMail admin contains an incorrect authentication vulnerability. Information may be obtained. Fortinet FortiMail is a suite of e-mail security gateway products from Fortinet. The product provides features such as email security and data protection. Fortinet FortiMail version 6.2.0, versions 6.0.0 to 6.0.6, and versions 5.4.10 and earlier have security vulnerabilities. Attackers can exploit this vulnerability to download system backup configuration files.
| VAR-201910-1237 | CVE-2019-15703 | Fortinet FortiOS Vulnerabilities related to lack of entropy |
CVSS V2: 2.6 CVSS V3: 7.5 Severity: HIGH |
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, for devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual ECDSA authentication with the help of flush+reload side-channel attacks, in FortiGate VM models only. Fortinet FortiOS contains a vulnerability related to lack of entropy. Information may be obtained. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform, developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiOS versions 6.2.1, 6.2.0, 6.0.8 and earlier have security signature vulnerabilities in the deterministic (pseudo-random) number generator (PRNG). An attacker could exploit this vulnerability to obtain sensitive information.
| VAR-201910-0889 | CVE-2019-18216 | ASUS ROG Zephyrus M GM501GS Laptop input validation vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access can exhaust the main battery to reset the BIOS configuration, and then achieve direct access to the hard drive by booting a live USB OS without disassembling the laptop. NOTE: the vendor has apparently indicated that this is "normal" and use of the same battery for the BIOS and the overall system is a "new design." However, the vendor apparently plans to "improve" this at an unspecified later time. ** Unsettled ** This case has not been confirmed as a vulnerability. ASUS ROG Zephyrus M GM501GS laptops contain an input validation vulnerability. The vendor has disputed this vulnerability. For details, see the Current Description on NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-18216. Information may be obtained or altered, and service operation may be disrupted (DoS).
| VAR-201910-1862 | No CVE | Triconex SIS system has authentication bypass vulnerability |
CVSS V2: 6.6 CVSS V3: - Severity: MEDIUM |
The Triconex SIS system is a modern programmable logic and process controller.
The Triconex SIS system has an authentication bypass vulnerability that can be used by unauthorized attackers to access the controller.
| VAR-201910-1858 | No CVE | Ruijie NBR router has weak password vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services and other projects.
A weak password vulnerability exists in Ruijie NBR routers. Attackers can use this vulnerability to obtain sensitive information.
| VAR-201910-0872 | CVE-2019-18202 | WAGO Series PFC100 and PFC200 Vulnerability related to externally controllable references to other domain resources on devices |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. WAGO Series PFC100 and PFC200 devices are vulnerable to an externally controllable reference to a resource in another domain. Information may be obtained. WAGO Series PFC100 and WAGO Series PFC200 are both programmable logic controllers from the German company WAGO.