VARIoT IoT vulnerabilities database
| VAR-201909-0863 | CVE-2019-13920 | Siemens SINEMA Remote Connect Server Cross-Site Request Forgery Vulnerability |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known. SINEMA Remote Connect helps users access remote devices or machines for easy and safe maintenance. The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network
| VAR-201909-1515 | CVE-2019-13922 | SINEMA Remote Connect Server Vulnerabilities in the use of weak password hashes |
CVSS V2: 4.0 CVSS V3: 2.7 Severity: LOW |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known. The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network
| VAR-201909-0084 | CVE-2019-9009 | 3S-Smart CODESYS input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0. Crafted network packets cause the Control Runtime to crash. 3S-Smart CODESYS contains an input validation vulnerability. Service operation may be interrupted (DoS). 3S-Smart Software Solutions CODESYS Control is industrial controller programming software from 3S-Smart Software Solutions of Germany.
A security vulnerability exists in 3S-Smart Software Solutions CODESYS Control. An attacker could exploit the vulnerability with a specially crafted request to cause a denial of service. The following products and versions are affected: CODESYS Control for BeagleBone before 3.5.15.0, CODESYS Control for emPC-A / iMX6 before 3.5.15.0, CODESYS Control for IOT2000 before 3.5.15.0, CODESYS Control for Linux before 3.5.15.0, CODESYS Control for PFC100 before 3.5.15.0, CODESYS Control for PFC200 before 3.5.15.0, CODESYS Control for Raspberry Pi before 3.5.15.0, CODESYS Control RTE V3 before 3.5.15.0, CODESYS Control RTE V3 (for Beckhoff CX) before 3.5.15.0, CODESYS Control Win V3 before 3.5.15.0 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit before 3.5.15.0, CODESYS V3 Safety SIL2 before 3.5.15.0, CODESYS Gateway V3 before 3.5.15.0, CODESYS HMI V3 before 3.5.15.0, CODESYS V3 Simulation Runtime before 3.5.15.0 (part of CODESYS Development System).
| VAR-201909-0641 | CVE-2019-16288 | Tenda N301 Wireless router input validation vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. Tenda N301 wireless routers contain a vulnerability related to input validation. Service operation may be interrupted (DoS). Tenda N301 is a wireless router from Tenda of China.
There is an input validation error vulnerability in Tenda N301.
| VAR-201910-0254 | CVE-2019-3421 | ZTE ZX297520V3 injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system. ZTE ZX297520V3 contains an injection vulnerability. Information may be obtained or falsified, and service operation may be interrupted (DoS). ZTE Microelectronics is committed to providing overall solutions for 3G / 4G terminals, providing products such as baseband processors, radio frequency, application processors, and power chips.
A remote command execution vulnerability exists in a process of ZTE's 4G baseband system. An attacker can remotely trigger the vulnerability in various ways to obtain root permissions of the baseband operating system.
| VAR-201909-1000 | CVE-2019-13542 | 3S-Smart Software Solutions CODESYS Control Code Issue Vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from Germany 3S-Smart Software Solutions.
A code issue vulnerability exists in 3S-Smart Software Solutions CODESYS Control. The vulnerability originates from improper design or implementation during code development of a network system or product. The following products and versions are affected: CODESYS Control for BeagleBone 3.5.11.0 to 3.5.15.0, CODESYS Control for emPC-A / iMX6 3.5.11.0 to 3.5.15.0, CODESYS Control for IOT2000 3.5.11.0 to 3.5.15.0, CODESYS Control for Linux 3.5.11.0 to 3.5.15.0, CODESYS Control for PFC100 3.5.11.0 to 3.5.15.0, CODESYS Control for PFC200 3.5.11.0 to 3.5.15.0, CODESYS Control for Raspberry Pi 3.5.11.0 to 3.5.15.0, CODESYS Control RTE V3 3.5.11.0 to 3.5.15.0, CODESYS Control RTE V3 (for Beckhoff CX) 3.5.11.0 to 3.5.15.0, CODESYS Control Win V3 3.5.11.0 to 3.5.15.0 (also part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit 3.5.11.0 to 3.5.15.0.
| VAR-201909-0996 | CVE-2019-13532 | 3S-Smart Software Solutions CODESYS V3 web server Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted HTTP or HTTPS requests which may allow access to files outside the restricted working directory of the controller. The CODESYS V3 web server contains a path traversal vulnerability. Information may be obtained.
| VAR-201909-1519 | CVE-2019-13548 | 3S-Smart Software Solutions CODESYS V3 web server Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted HTTP or HTTPS requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution. The CODESYS V3 web server contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). 3S-Smart Software Solutions CODESYS V3 web server is a web server used by 3S-Smart Software Solutions of Germany in CODESYS products. A buffer overflow vulnerability exists in 3S-Smart Software Solutions CODESYS V3 web server versions prior to 3.5.14.10.
| VAR-201909-0998 | CVE-2019-13538 | 3S-Smart Software Solutions CODESYS Development System Cross-Site Scripting Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.6 Severity: HIGH |
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. The 3S-Smart Software Solutions CODESYS Development System is a set of programming tools for industrial controllers and automation technology from 3S-Smart Software Solutions, Germany.
| VAR-201909-0997 | CVE-2019-13534 | Philips IntelliVue WLAN portable patient monitor vulnerability related to integrity verification of downloaded code |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. The Philips IntelliVue WLAN portable patient monitor contains a vulnerability related to the integrity verification of downloaded code. Information may be obtained or altered, and service operation may be disrupted (DoS). Philips IntelliVue MP monitors MP20-MP90 are all portable patient vital sign monitors from Philips in Europe. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements.
| VAR-201909-0563 | CVE-2019-16256 | Privilege management vulnerability in multiple Samsung devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. Multiple Samsung devices contain a privilege management vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). A security vulnerability exists in Samsung devices that include the SIMalliance Toolbox Browser. A remote attacker could exploit this vulnerability to retrieve address and IMEI information, retrieve other data, or execute commands.
| VAR-201909-0995 | CVE-2019-13530 | Philips IntelliVue WLAN portable patient monitor vulnerability related to the use of hard-coded credentials |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to log in via FTP and upload a malicious firmware. The Philips IntelliVue WLAN portable patient monitor contains a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Philips IntelliVue MP monitors MP20-MP90 are all portable patient vital sign monitors from Philips in Europe. A trust management issue vulnerability exists in several Philips products. An attacker could exploit this vulnerability to log in.
| VAR-201909-1025 | CVE-2019-14236 | Unauthorized authentication vulnerabilities in multiple STMicroelectronics product devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. Multiple STMicroelectronics product devices contain unauthorized authentication vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). Security vulnerabilities exist in several STMicroelectronics products. An attacker could exploit this vulnerability to bypass Proprietary Code Read Out Protection (PCROP). The following products and versions are affected: STMicroelectronics STM32L0; STM32L1; STM32L4; STM32F4; STM32F7; STM32H7.
| VAR-201909-0565 | CVE-2019-16261 | Authentication vulnerabilities in Tripp Lite PDUMH15AT devices |
CVSS V2: 8.5 CVSS V3: 9.1 Severity: CRITICAL |
Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053. The Tripp Lite PDUMH15AT device contains an authentication vulnerability. Information may be tampered with, and service operation may be disrupted (DoS). Tripp Lite PDUMH15AT is a metered PDU (Power Distribution Unit) device from Tripp Lite in the United States. An authorization issue vulnerability exists in Tripp Lite PDUMH15AT version 12.04.0053. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.
| VAR-201909-1026 | CVE-2019-14237 | Unauthorized authentication vulnerabilities in multiple NXP Kinetis product devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution. NXP Kinetis KV1x, KV3x, and K8x devices contain an unauthorized authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). NXP Semiconductors NXP Kinetis KV1x, etc. are all microcontrollers from NXP Semiconductors in the Netherlands. A security vulnerability exists in NXP Semiconductors NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x.
| VAR-201909-0564 | CVE-2019-16257 | Privilege management vulnerability in multiple Motorola devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. Multiple Motorola devices contain a privilege management vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). A security vulnerability exists in Motorola devices that include the SIMalliance Toolbox Browser. A remote attacker could exploit this vulnerability to retrieve address and IMEI information, retrieve other data, or execute commands.
| VAR-201909-1491 | CVE-2019-11184 | Race condition vulnerabilities in multiple Intel products |
CVSS V2: 2.3 CVSS V3: 4.8 Severity: MEDIUM |
A race condition in specific microprocessors using Intel(R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access. Multiple Intel products contain a race condition vulnerability. Information may be obtained. Intel Xeon E5 and related processors are products of Intel Corporation of the United States. Intel Xeon E5 is a Xeon E5 series central processing unit (CPU). Intel Xeon E7 is a Xeon E7 series central processing unit (CPU). Intel Xeon SP is a scalable central processing unit (CPU) product.
There are security vulnerabilities in Intel Xeon E5, E7, and SP series that support DDIO and RDMA. An attacker could use this vulnerability to leak information.
| VAR-201909-0101 | CVE-2019-3638 | McAfee Web Gateway cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 9.6 Severity: CRITICAL |
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. McAfee Web Gateway (MWG) contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The product provides features such as threat protection, application control, and data loss prevention. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.
| VAR-201909-0102 | CVE-2019-3643 | McAfee Web Gateway Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. The product provides features such as threat protection, application control, and data loss prevention. The vulnerability stems from the failure of the network system or product to properly validate the input data
| VAR-201909-0103 | CVE-2019-3644 | McAfee Web Gateway Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. The product provides features such as threat protection, application control, and data loss prevention. An attacker could exploit this vulnerability to cause a denial of service