VARIoT IoT vulnerabilities database


VAR-201909-1548 No CVE Advantech WebAccess HMI Designer has a memory corruption vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Advantech WebAccess HMI Designer is software that creates a complete solution for all HMI products and HMI applications, including the TPC / WebOP / UNO series. Advantech WebAccess HMI Designer has a memory corruption vulnerability that could be exploited by an attacker to execute malicious code or cause the program to crash
VAR-201909-1546 No CVE Kingview project has password bypass vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd. The Kingview project has a password bypass vulnerability. An attacker could use this vulnerability to bypass the project's password protection.
VAR-201909-1560 No CVE Widefield3 has a logic flaw CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Widefield3, also known as Yokogawa PLC programming software, is a multifunctional PLC programming tool. Widefield3 has a logic flaw vulnerability that an attacker can use to reconstruct the protection password of a program block or macro
VAR-201909-1549 No CVE Advantech WebAccess HMI Designer has dll hijacking vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Advantech WebAccess HMI Designer is software that creates a complete solution for all HMI products and HMI applications, including the TPC / WebOP / UNO series. Advantech WebAccess HMI Designer has a dll hijacking vulnerability. Attackers can use this vulnerability to load malicious dlls and execute malicious code
VAR-201910-0309 CVE-2019-6474 ISC Kea DHCP Input Validation Error Vulnerability CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. The Kea DHCP server provided by ISC (Internet Systems Consortium) contains several denial-of-service (DoS) vulnerabilities:
* When operating as a DHCPv6 server, a packet containing a malformed DUID causes the Kea DHCPv6 server process (kea-dhcp6) to terminate - CVE-2019-6472
* When operating as a DHCPv4 server, certain hostname options cause an assertion failure and the Kea DHCPv4 server process (kea-dhcp4) terminates - CVE-2019-6473
* When memfile is specified as the storage location for lease information, the Kea server cannot be restarted if more than a certain number of invalid leases are stored - CVE-2019-6474
A third party who can access the network to which the product is connected may carry out a denial-of-service (DoS) attack. ISC Kea DHCP is an open source DHCP (Dynamic Host Configuration Protocol) server from the American ISC Corporation. An input validation error vulnerability exists in ISC Kea DHCP versions 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. The vulnerability stems from a network system or product that did not properly validate the input data.
VAR-201909-1003 CVE-2019-13518 EZ Touch Editor Buffer error vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior. EZ Touch Editor contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). EZAutomation EZ Touch Editor is a set of HMI (Human Machine Interface) programming software from EZAutomation, USA.
VAR-201909-1004 CVE-2019-13522 EZAutomation EZ PLC Editor Buffer Overflow Vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior. EZ PLC Editor contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). EZAutomation EZ PLC Editor is a PLC (Programmable Logic Controller) programming software from EZAutomation. A buffer overflow vulnerability exists in EZAutomation EZ PLC Editor 1.8.41 and earlier. An attacker could exploit the vulnerability to corrupt memory and execute code with the application's privileges.
VAR-201909-0093 CVE-2019-3751 Dell EMC Enterprise Copy Data Management Vulnerabilities related to certificate validation CVSS V2: 5.8
CVSS V3: 7.4
Severity: HIGH
Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. A security vulnerability exists in Dell EMC eCDM. The following products and versions are affected: Dell EMC eCDM version 1.0, version 1.1, version 2.0, version 2.1, version 3.0
VAR-201909-0030 CVE-2019-6182 Lenovo XClarity Administrator Injection vulnerability CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) contains an injection vulnerability. Information may be tampered with. Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a CSV injection vulnerability in Lenovo LXCA versions earlier than 2.5.0.
VAR-201909-0028 CVE-2019-6180 Lenovo XClarity Administrator Vulnerable to cross-site scripting CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a cross-site scripting vulnerability in Lenovo LXCA versions earlier than 2.5.0. A remote attacker could exploit this vulnerability to execute JavaScript code in the user's browser.
VAR-201909-0027 CVE-2019-6179 XML external entity vulnerabilities in Lenovo XClarity Administrator and Lenovo XClarity Integrator CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0, Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. Security vulnerabilities exist in Lenovo XClarity Administrator (LXCA), Lenovo XClarity Integrator (LXCI) for Microsoft System Center, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter. An attacker could exploit this vulnerability to disclose information.
VAR-201909-0029 CVE-2019-6181 Lenovo XClarity Administrator Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a cross-site scripting vulnerability in Lenovo LXCA versions earlier than 2.5.0.
VAR-201909-1669 No CVE Sangfor VPN equipment has a command execution vulnerability (CNVD-2019-23107) CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Sangfor Technology Co., Ltd. is a provider of products, services and solutions focusing on enterprise-level security, cloud computing and infrastructure. Sangfor VPN equipment has a command execution vulnerability, which can be exploited by attackers to gain server permissions.
VAR-201909-1670 No CVE Sangfor VPN device has command execution vulnerability (CNVD-2019-23106) CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Sangfor Technology Co., Ltd. is a provider of products, services and solutions focusing on enterprise-level security, cloud computing and infrastructure. Sangfor VPN equipment has a command execution vulnerability, which can be exploited by attackers to gain server permissions.
VAR-201908-2191 No CVE Xiaomi Mi Band 4NFC has logic flaws CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Xiaomi Bracelet 4NFC is a smart bracelet produced by Xiaomi Technology Co., Ltd. Xiaomi Mi Band 4NFC has a logic flaw vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-201909-0009 CVE-2019-4321 Vulnerabilities related to certificate and password management in multiple IBM products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 do not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. The vendor has released this vulnerability as IBM X-Force ID: 161201. Information may be obtained. The product has functions such as data visualization and real-time collaboration. IBM Water Operations for Waternamics is a predictive analytics platform for water operators. The platform includes functions such as infrastructure management, asset management, and operation management for water operators. The vulnerability stems from the failure of the program to require users to use strong passwords by default. Attackers can use this vulnerability to control accounts.
VAR-201908-0045 CVE-2019-6113 Path traversal vulnerability in ONKYO TX-NR686 A/V Receiver devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. The ONKYO TX-NR686 A/V Receiver device contains a path traversal vulnerability. Information may be obtained. ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver is a home theater equipment produced by ONKYO, Japan. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories.
VAR-201908-0356 CVE-2019-15630 MuleSoft Mule Runtime and MuleSoft API Gateway Path traversal vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. MuleSoft Mule Runtime and MuleSoft API Gateway contain a path traversal vulnerability. Information may be obtained. Path traversal vulnerabilities exist in Mulesoft API Gateway (all versions), APIkit, http-connector and OAuth2 Provider modules in Mulesoft 3.x and 4.x versions. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories.
VAR-201908-0957 CVE-2019-15820 Open redirect vulnerability in the login-or-logout-menu-item plugin for WordPress CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. The login-or-logout-menu-item plugin for WordPress contains an open redirect vulnerability. Information may be obtained and information may be altered. WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. login-or-logout-menu-item is a plugin for login / logout function of website users. An attacker could use this vulnerability to modify the login URL without authorization and redirect the user to a malicious website to steal user credentials.
VAR-201909-0885 CVE-2019-15043 Grafana Access Control Error Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. Grafana contains an access control vulnerability. Service operation may be disrupted (DoS). Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. This tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. An access control error vulnerability exists in Grafana that could be exploited by an attacker to cause a denial of service.

Red Hat Security Advisory
Synopsis: Moderate: grafana security, bug fix, and enhancement update
Advisory ID: RHSA-2020:1659-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1659
Issue date: 2020-04-28
CVE Names: CVE-2019-15043

1. Summary: An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana (6.3.6). (BZ#1725278)
Security Fix(es):
* grafana: incorrect access control in snapshot HTTP API leads to denial of service (CVE-2019-15043)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Package List: Red Hat Enterprise Linux AppStream (v. 8)
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:
https://access.redhat.com/security/cve/CVE-2019-15043
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index

8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.