VARIoT IoT vulnerabilities database
| VAR-201909-1548 | No CVE | Advantech WebAccess HMI Designer has a memory corruption vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Advantech WebAccess HMI Designer is software that creates a complete solution for all HMI products and HMI applications, including the TPC / WebOP / UNO series.
Advantech WebAccess HMI Designer has a memory corruption vulnerability that could be exploited by an attacker to execute malicious code or cause the program to crash
| VAR-201909-1546 | No CVE | Kingview project has password bypass vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
The Kingview project has a password bypass vulnerability. An attacker could use this vulnerability to bypass the project password to protect the operation project
| VAR-201909-1560 | No CVE | Widefield3 has a logic flaw |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Widefield3, also known as Yokogawa PLC programming software, is a multifunctional PLC programming tool.
Widefield3 has a logic flaw vulnerability that an attacker can use to reconstruct the protection password of a program block or macro
| VAR-201909-1549 | No CVE | Advantech WebAccess HMI Designer has dll hijacking vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Advantech WebAccess HMI Designer is software that creates a complete solution for all HMI products and HMI applications, including the TPC / WebOP / UNO series.
Advantech WebAccess HMI Designer has a dll hijacking vulnerability. Attackers can use this vulnerability to load malicious dlls and execute malicious code
| VAR-201910-0309 | CVE-2019-6474 | ISC Kea DHCP Input Validation Error Vulnerability |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. ISC (Internet Systems Consortium) Provided by Kea DHCP The server has a service disruption (DoS) Vulnerabilities exist. Kea DHCP The server contains several vulnerabilities: * DHCPv6 Malformed format when operating on server DUID With packets containing Kea DHCPv6 server process (kea-dhcp6) Ends - CVE-2019-6472 * DHCPv4 While operating on the server hostname Depending on options assertion failure Occurs, Kea DHCPv4 server process (kea-dhcp4) Ends - CVE-2019-6473 * As a storage location for lease information memfile Is specified, if invalid lease information is stored in the storage more than a certain number Kea Server cannot be restarted - CVE-2019-6474Service disruption by a third party who can access the network to which the product is connected (DoS) An attack may be carried out. ISC Kea DHCP is an open source DHCP (Dynamic Host Configuration Protocol) server from the American ISC Corporation.
An input validation error vulnerability exists in ISC Kea DHCP versions 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. The vulnerability stems from a network system or product that did not properly validate the input data
| VAR-201909-1003 | CVE-2019-13518 | EZ Touch Editor Buffer error vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior. EZ Touch Editor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EZAutomation EZ Touch Editor is a set of HMI (Human Machine Interface) programming software from EZAutomation, USA
| VAR-201909-1004 | CVE-2019-13522 | EZAutomation EZ PLC Editor Buffer Overflow Vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior. EZ PLC Editor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EZAutomation EZ PLC Editor is a PLC (Programmable Logic Controller) programming software from EZAutomation. A buffer overflow vulnerability exists in EZAutomation EZ PLC Editor 1.8.41 and earlier. An attacker could exploit the vulnerability to damage memory and execute code with the application privileges
| VAR-201909-0093 | CVE-2019-3751 | Dell EMC Enterprise Copy Data Management Vulnerabilities related to certificate validation |
CVSS V2: 5.8 CVSS V3: 7.4 Severity: HIGH |
Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. A security vulnerability exists in Dell EMC eCDM. The following products and versions are affected: Dell EMC eCDM version 1.0, version 1.1, version 2.0, version 2.1, version 3.0
| VAR-201909-0030 | CVE-2019-6182 | Lenovo XClarity Administrator Injection vulnerability |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) Contains an injection vulnerability.Information may be tampered with. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a CSV injection vulnerability in versions earlier than Lenovo LXCA 2.5.0
| VAR-201909-0028 | CVE-2019-6180 | Lenovo XClarity Administrator Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a cross-site scripting vulnerability in versions earlier than Lenovo LXCA 2.5.0. A remote attacker could exploit this vulnerability to execute JavaScript code in the user's browser
| VAR-201909-0027 | CVE-2019-6179 | Lenovo XClarity Administrator and Lenovo XClarity Integrator In XML External entity vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. Security vulnerabilities exist in Lenovo XClarity Administrator (LXCA), Lenovo XClarity Integrator (LXCI) for Microsoft System Center, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter. An attacker could exploit this vulnerability to disclose information
| VAR-201909-0029 | CVE-2019-6181 | Lenovo XClarity Administrator Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a cross-site scripting vulnerability in versions earlier than Lenovo LXCA 2.5.0
| VAR-201909-1669 | No CVE | Sangfor VPN equipment has a command execution vulnerability (CNVD-2019-23107) |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Sangfor Technology Co., Ltd. is a provider of products, services and solutions focusing on enterprise-level security, cloud computing and infrastructure.
Sangfor VPN equipment has a command execution vulnerability, which can be exploited by attackers to gain server permissions.
| VAR-201909-1670 | No CVE | Sangfor VPN device has command execution vulnerability (CNVD-2019-23106) |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Sangfor Technology Co., Ltd. is a provider of products, services and solutions focusing on enterprise-level security, cloud computing and infrastructure.
Sangfor VPN equipment has a command execution vulnerability, which can be exploited by attackers to gain server permissions.
| VAR-201908-2191 | No CVE | Xiaomi Mi Band 4NFC has logic flaws |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Xiaomi Bracelet 4NFC is a smart bracelet produced by Xiaomi Technology Co., Ltd.
Xiaomi Mi Band 4NFC has a logic flaw vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-201909-0009 | CVE-2019-4321 | plural IBM Vulnerabilities related to certificate and password management in products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. Vendors have confirmed this vulnerability IBM X-Force ID: 161201 It is released as.Information may be obtained. The product has functions such as data visualization and real-time collaboration. IBM Water Operations for Waternamics is a predictive analytics platform for water operators. The platform includes functions such as infrastructure management, asset management, and operation management for water operators. The vulnerability stems from the failure of the program to require users to use strong passwords by default. Attackers can use this vulnerability to control accounts
| VAR-201908-0045 | CVE-2019-6113 | ONKYO TX-NR686 A/V Receiver Path traversal vulnerability in devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. ONKYO TX-NR686 A/V Receiver The device contains a path traversal vulnerability.Information may be obtained. ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver is a home theater equipment produced by ONKYO, Japan. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories
| VAR-201908-0356 | CVE-2019-15630 | MuleSoft Mule Runtime and MuleSoft API Gateway Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. MuleSoft Mule Runtime and MuleSoft API Gateway Contains a path traversal vulnerability.Information may be obtained. Path traversal vulnerabilities exist in Mulesoft API Gateway (all versions), APIkit, http-connector and OAuth2 Provider modules in Mulesoft 3.x and 4.x versions. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories
| VAR-201908-0957 | CVE-2019-15820 | WordPress for login-or-logout-menu-item Plug-in open redirect vulnerability |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. WordPress for login-or-logout-menu-item The plug-in contains an open redirect vulnerability.Information may be obtained and information may be altered. WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. login-or-logout-menu-item is a plugin for login / logout function of website users. An attacker could use this vulnerability to modify the login URL without authorization and redirect the user to a malicious website to steal user credentials
| VAR-201909-0885 | CVE-2019-15043 | Grafana Access Control Error Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. Grafana Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Grafana is a set of open source monitoring tools that provide a visual monitoring interface at Grafana Labs. This tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus.
An access control error vulnerability exists in Grafana that could be exploited by an attacker to cause a denial of service. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: grafana security, bug fix, and enhancement update
Advisory ID: RHSA-2020:1659-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1659
Issue date: 2020-04-28
CVE Names: CVE-2019-15043
====================================================================
1. Summary:
An update for grafana is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
Grafana is an open source, feature rich metrics dashboard and graph editor
for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version:
grafana (6.3.6). (BZ#1725278)
Security Fix(es):
* grafana: incorrect access control in snapshot HTTP API leads to denial of
service (CVE-2019-15043)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.2 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
grafana-6.3.6-1.el8.src.rpm
aarch64:
grafana-6.3.6-1.el8.aarch64.rpm
grafana-azure-monitor-6.3.6-1.el8.aarch64.rpm
grafana-cloudwatch-6.3.6-1.el8.aarch64.rpm
grafana-debuginfo-6.3.6-1.el8.aarch64.rpm
grafana-elasticsearch-6.3.6-1.el8.aarch64.rpm
grafana-graphite-6.3.6-1.el8.aarch64.rpm
grafana-influxdb-6.3.6-1.el8.aarch64.rpm
grafana-loki-6.3.6-1.el8.aarch64.rpm
grafana-mssql-6.3.6-1.el8.aarch64.rpm
grafana-mysql-6.3.6-1.el8.aarch64.rpm
grafana-opentsdb-6.3.6-1.el8.aarch64.rpm
grafana-postgres-6.3.6-1.el8.aarch64.rpm
grafana-prometheus-6.3.6-1.el8.aarch64.rpm
grafana-stackdriver-6.3.6-1.el8.aarch64.rpm
ppc64le:
grafana-6.3.6-1.el8.ppc64le.rpm
grafana-azure-monitor-6.3.6-1.el8.ppc64le.rpm
grafana-cloudwatch-6.3.6-1.el8.ppc64le.rpm
grafana-debuginfo-6.3.6-1.el8.ppc64le.rpm
grafana-elasticsearch-6.3.6-1.el8.ppc64le.rpm
grafana-graphite-6.3.6-1.el8.ppc64le.rpm
grafana-influxdb-6.3.6-1.el8.ppc64le.rpm
grafana-loki-6.3.6-1.el8.ppc64le.rpm
grafana-mssql-6.3.6-1.el8.ppc64le.rpm
grafana-mysql-6.3.6-1.el8.ppc64le.rpm
grafana-opentsdb-6.3.6-1.el8.ppc64le.rpm
grafana-postgres-6.3.6-1.el8.ppc64le.rpm
grafana-prometheus-6.3.6-1.el8.ppc64le.rpm
grafana-stackdriver-6.3.6-1.el8.ppc64le.rpm
s390x:
grafana-6.3.6-1.el8.s390x.rpm
grafana-azure-monitor-6.3.6-1.el8.s390x.rpm
grafana-cloudwatch-6.3.6-1.el8.s390x.rpm
grafana-debuginfo-6.3.6-1.el8.s390x.rpm
grafana-elasticsearch-6.3.6-1.el8.s390x.rpm
grafana-graphite-6.3.6-1.el8.s390x.rpm
grafana-influxdb-6.3.6-1.el8.s390x.rpm
grafana-loki-6.3.6-1.el8.s390x.rpm
grafana-mssql-6.3.6-1.el8.s390x.rpm
grafana-mysql-6.3.6-1.el8.s390x.rpm
grafana-opentsdb-6.3.6-1.el8.s390x.rpm
grafana-postgres-6.3.6-1.el8.s390x.rpm
grafana-prometheus-6.3.6-1.el8.s390x.rpm
grafana-stackdriver-6.3.6-1.el8.s390x.rpm
x86_64:
grafana-6.3.6-1.el8.x86_64.rpm
grafana-azure-monitor-6.3.6-1.el8.x86_64.rpm
grafana-cloudwatch-6.3.6-1.el8.x86_64.rpm
grafana-debuginfo-6.3.6-1.el8.x86_64.rpm
grafana-elasticsearch-6.3.6-1.el8.x86_64.rpm
grafana-graphite-6.3.6-1.el8.x86_64.rpm
grafana-influxdb-6.3.6-1.el8.x86_64.rpm
grafana-loki-6.3.6-1.el8.x86_64.rpm
grafana-mssql-6.3.6-1.el8.x86_64.rpm
grafana-mysql-6.3.6-1.el8.x86_64.rpm
grafana-opentsdb-6.3.6-1.el8.x86_64.rpm
grafana-postgres-6.3.6-1.el8.x86_64.rpm
grafana-prometheus-6.3.6-1.el8.x86_64.rpm
grafana-stackdriver-6.3.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-15043
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXqhVtdzjgjWX9erEAQjjzQ//UMQ+3TmzrSdgb9VpHE0EhP2PMJi7A9oo
aieBhGN/4wPHmCoH2XHNSQPLkrmJf49ZkIPYzPcoZjs/DQ/oy7J/dT/nVNsW9Aul
/JSVeWjlgNqFn4gZFe5LCtgqzt48FL/hSt1NgPqmpZWmyx1JXThTOed3PcbptmLO
FgIj3Lhs7kcZk/LTvXNC4L3UyhUn5PJK+mXzAtNWTvW0Ca2cWGRVCtbssI/m87IL
AR84wXaVj8xW054DLlojDfigUFXTlJr4PFM6tfFJwxUzgev8Xb6Sg09PM48FEd2L
B7f1W9xb/27cqj0BDapp3vj8+ViKDOIDGeDZxlxdFMkQaK1mHNWOuNiIZCiGBDVd
++OX/wjjxbnfUiRd/ounQLZadta4D9c6qs+xORwHaPVy6hAOeV9UELDY+nmXo3tO
GDGPAmLyJqdYZR/4PO1O0Gp7/dOyL+51J57QpD/7coGrwAikkm9hF2bI1WabRe01
nx/DEFdjOtmHXPR7g41BroCr81bom+J7SCru9MotBCVUm5HbW42mhPxixkb70Tlu
+yUfSLZFO5Ve8VTF+/eMx817pwLQP/a6lkbJzVwwCYMIsgaaEgKXPj5BLM5P7hKk
HyvYc7bWku+csEfM2Cf0qHFIYYxgBqZIp14UU70MZ0J6HQIMWCHXJqngUAzkvqR4
k/AjDHhUTII=yev2
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce