VARIoT IoT vulnerabilities database


VAR-201906-0814 CVE-2018-11929 Buffer error vulnerability in multiple Snapdragon products
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Lack of input validation in WLAN function can lead to potential heap overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24. Multiple Snapdragon products contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The SDX20 is a modem. A buffer overflow vulnerability exists in the WLAN feature in several Qualcomm products. The vulnerability stems from a network system or product failing to properly validate data boundaries when performing operations on memory, so that erroneous read and write operations are performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow.
VAR-201906-0843 CVE-2018-11819 Use of freed memory vulnerability in multiple Snapdragon products
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Use-after-free issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 675, SD 730, SD 820A, SD 835, SD 855, SDA660, SDX20, SDX24. Multiple Snapdragon products contain a vulnerability related to the use of freed memory. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The MDM9640 is a central processing unit (CPU) product. A resource management error vulnerability exists in the WLAN features in several Qualcomm products. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No further details of the vulnerability are currently available. The following products and versions are affected: Qualcomm MDM9206; MDM9607; MDM9640; MDM9650; MSM8996AU; SD855; SDA660; SDX20; SDX24
VAR-201906-0810 CVE-2018-11939 Use of freed memory vulnerability in multiple Snapdragon products
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Use-after-free issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCA6574AU, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SDX20. Multiple Snapdragon products contain a vulnerability related to the use of freed memory. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The SDX20 is a modem. A resource management error vulnerability exists in the WLAN features in several Qualcomm products. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No further details of the vulnerability are currently available. The following products and versions are affected: Qualcomm MDM9150; MDM9206; MDM9607; MDM9640; MDM9650; MSM8909W; QCA6574AU; SD 210; SD 212; SD 205; SDX20
VAR-201906-0994 CVE-2018-3583 Buffer error vulnerability in multiple Snapdragon products
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A buffer overflow can occur while processing an extscan hotlist event in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9379, QCS605, SD 625, SD 636, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20. Multiple Snapdragon products contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The MDM9640 is a central processing unit (CPU) product. WLAN is one of the wireless LAN components. A buffer overflow vulnerability exists in WLAN in several Qualcomm products. The vulnerability stems from a network system or product failing to properly validate data boundaries when performing operations on memory, so that erroneous read and write operations are performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. The following products and versions are affected: Qualcomm MDM9206; MDM9607; MDM9640; MDM9650; MSM8909W; MSM8996AU; QCA9379; QCS605;
VAR-201906-0998 CVE-2018-5911 Buffer error vulnerability in multiple Snapdragon products
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Buffer overflow in WLAN function due to improper check of buffer size before copying in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 855, SDM630, SDM660, SDX20, SDX24. Multiple Snapdragon products contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The MDM9640 is a central processing unit (CPU) product. A buffer overflow vulnerability exists in the WLAN feature in several Qualcomm products. The vulnerability stems from a network system or product failing to properly validate data boundaries when performing operations on memory, so that erroneous read and write operations are performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. The following products and versions are affected: Qualcomm MDM9150; MDM9206; MDM9607; MDM9640; MDM9650; MSM8996AU; QCS605; SD 625; ; SDM660; SDX20; SDX24
VAR-201906-0997 CVE-2018-5883 Array index verification vulnerability in multiple Snapdragon products
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Buffer overflow in WLAN driver event handlers due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24. Multiple Snapdragon products contain a vulnerability related to array index validation. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The MDM9640 is a central processing unit (CPU) product. WLAN is one of the wireless LAN components. An input validation error vulnerability exists in WLAN in several Qualcomm products. The vulnerability stems from a network system or product failing to properly validate the input data. An attacker can exploit the vulnerability to cause a buffer overflow in the WLAN driver event handler. The following products and versions are affected: Qualcomm MDM9206; MDM9607; MDM9640; MDM9650; MSM8996AU; QCS405; QCS605; SD 636;
VAR-201906-0501 CVE-2019-12822 Buffer error vulnerability in Embedthis GoAhead
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. Embedthis GoAhead contains a buffer error vulnerability. Service operation may be interrupted (DoS). Embedthis Software GoAhead is an embedded web server from Embedthis Software, USA. A buffer overflow vulnerability exists in the http.c file in Embedthis GoAhead versions prior to 4.1.1 and 5.x prior to 5.0.1. The vulnerability stems from a network system or product failing to properly validate data boundaries when performing operations on memory, so that erroneous read and write operations are performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow.
VAR-201906-0996 CVE-2018-5903 Array index verification vulnerability in multiple Snapdragon products
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Out of bounds read occurs due to improper validation of array while processing VDEV stop response from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24. Multiple Snapdragon products contain a vulnerability related to array index validation. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and others are products of Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. WLAN is one of the wireless local area network components. An input validation error vulnerability exists in WLAN in several Qualcomm products. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Qualcomm MDM9206; MDM9607; MDM9640; MDM9650; MSM8996AU; QCS405; QCS605; SD 210; SD 212; SD 205; SD 675; SD 712; SD 710; SD 670; SD 730; SD 820A; SD 835; SD 855; SDA660; SDM630; SDM660; SDX20; SDX24
VAR-201906-1264 CVE-2019-3737 Dell EMC Avamar ADMe Web Interface Input validation vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application. Dell EMC Avamar ADMe Web Interface contains an input validation vulnerability. Information may be obtained. An attacker can exploit this issue to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible. Dell EMC Avamar Data Migration Enabler (ADMe) 1.0.50 and 1.0.51 are vulnerable. Vendor advisory DSA-2019-092: Dell EMC Avamar Security Update for ADMe Web UI Vulnerability. Dell EMC Identifier: DSA-2019-092. CVE Identifier: CVE-2019-3737. Severity: High. Severity Rating: CVSS v3 Base Score: 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Affected products: Dell EMC Avamar ADMe Web UI 1.0.50, 1.0.51. Summary: Dell EMC Avamar Data Migration Enabler (ADMe) Web UI requires security updates to address a local file include (LFI) vulnerability. Credit: Dell EMC would like to thank Ken Pyle from DFDR Consulting for reporting this vulnerability. Severity Rating: For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.
VAR-201906-0222 CVE-2019-7232 ABB PB610 IDAL HTTP server Buffer Overflow Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201906-0001
CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server. The ABB IDAL HTTP server contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ABB PB610 is software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. IDAL HTTP server is an HTTP (Hypertext Transfer Protocol) server. A buffer overflow vulnerability exists in the IDAL HTTP server in ABB PB610 that could be exploited by an attacker to cause a buffer overflow or heap overflow. ABB PB610 Panel Builder 600 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. A directory-traversal vulnerability 3. Multiple memory corruption vulnerabilities 4. A stack-based buffer-overflow vulnerability 5. A buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code, read arbitrary files that contain sensitive information, access files outside of the restricted directory, bypass the authentication mechanism and perform unauthorized actions. Failed exploit attempts will likely cause denial-of-service conditions. ABB PB610 Panel Builder 600 versions 1.91 through 2.8.0.367 are vulnerable
VAR-201906-0218 CVE-2019-7228 ABB PB610 IDAL HTTP server Memory Corruption Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201906-0001
CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack. The ABB IDAL HTTP server contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ABB PB610 is software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. IDAL HTTP server is an HTTP (Hypertext Transfer Protocol) server. A memory corruption vulnerability exists in the IDAL HTTP server in ABB PB610. ABB PB610 Panel Builder 600 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. A directory-traversal vulnerability 3. A stack-based buffer-overflow vulnerability 5. A buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code, read arbitrary files that contain sensitive information, access files outside of the restricted directory, bypass the authentication mechanism and perform unauthorized actions. Failed exploit attempts will likely cause denial-of-service conditions. ABB PB610 Panel Builder 600 versions 1.91 through 2.8.0.367 are vulnerable
VAR-201906-0216 CVE-2019-7226 ABB PB610 IDAL HTTP server Authentication vulnerability

Related entries in the VARIoT exploits database: VAR-E-201906-0001
CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response. ABB PB610 is software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. IDAL HTTP server is an HTTP (Hypertext Transfer Protocol) server. A security vulnerability exists in the IDAL HTTP server in ABB PB610. ABB PB610 Panel Builder 600 is prone to the following vulnerabilities: 1. Multiple memory corruption vulnerabilities 4. Failed exploit attempts will likely cause denial-of-service conditions. ABB PB610 Panel Builder 600 versions 1.91 through 2.8.0.367 are vulnerable
VAR-201906-0221 CVE-2019-7231 ABB PB610 IDAL FTP server Buffer Overflow Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201906-0001
CVSS V2: 2.7
CVSS V3: 5.7
Severity: MEDIUM
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send an FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server. ABB PB610 is software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. IDAL FTP server is an FTP (File Transfer Protocol) server. A buffer overflow vulnerability exists in the IDAL FTP server in ABB PB610. The vulnerability stems from a network system or product failing to properly validate data boundaries when performing operations on memory, so that erroneous read and write operations are performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. ABB PB610 Panel Builder 600 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. A directory-traversal vulnerability 3. Multiple memory corruption vulnerabilities 4. A buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code, read arbitrary files that contain sensitive information, access files outside of the restricted directory, bypass the authentication mechanism and perform unauthorized actions. Failed exploit attempts will likely cause denial-of-service conditions. ABB PB610 Panel Builder 600 versions 1.91 through 2.8.0.367 are vulnerable
VAR-201906-1018 CVE-2019-10959 Unrestricted Upload of Dangerous File Types Vulnerability in multiple BD Alaris products
CVSS V2: 7.5
CVSS V3: 10.0
Severity: CRITICAL
Affected: BD Alaris Gateway Workstation versions 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14 and 1.3.1 Build 13 (this does not impact the latest firmware versions 1.3.2 and 1.6.1). Additionally, the following products using software version 2.3.6 and below are affected: Alaris GS, Alaris GH, Alaris CC, Alaris TIVA. The application does not restrict the upload of malicious files during a firmware update. Multiple BD Alaris products contain an unrestricted upload of dangerous file types vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). BD Alaris Gateway Workstation and others are products of BD Biotech. BD Alaris Gateway Workstation is a smart infusion system. BD Alaris GS is a medical syringe pump. BD Alaris GH is a medical syringe pump. BD Alaris Gateway Workstation has an arbitrary file upload vulnerability. An attacker could exploit this vulnerability to upload arbitrary files to an affected computer, which could result in arbitrary code being executed in the context of a vulnerable application. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
VAR-201906-1019 CVE-2019-10962 BD Alaris Gateway Workstation Authentication Bypass Vulnerability
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
In BD Alaris Gateway versions 1.0.13, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.1.5 and 1.1.6, the web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal from gaining access to the status and configuration information of the device. Alaris Gateway Workstation contains an access control vulnerability. Information may be obtained. BD Alaris Gateway Workstation and others are products of BD Biotech. BD Alaris Gateway Workstation is a smart infusion system. BD Alaris GS is a medical syringe pump. BD Alaris GH is a medical syringe pump. An access control error vulnerability exists in several BD products. An attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized operations. BD Alaris Gateway Workstation is prone to an authentication-bypass vulnerability. The following products are affected: BD Alaris Gateway Workstation 1.0.13, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.1.5, 1.1.6; BD Alaris GS 2.3.6 and prior; BD Alaris GH 2.3.6 and prior; BD Alaris CC 2.3.6 and prior; BD Alaris TIVA 2.3.6 and prior. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles
VAR-201906-0599 CVE-2019-12813 Digital Persona U.are.U 4500 Fingerprint Reader Cryptographic vulnerability
CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image are exposed in cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt. Crossmatch Digital Persona U.are.U 4500 Fingerprint Reader is a fingerprint reader from Crossmatch, USA
VAR-201906-1351 No CVE Ruijie Networks Co., Ltd. M8600E-WS-ED has a command execution vulnerability
CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
Ruijie Networks Co., Ltd. M8600E-WS-ED is a wireless control business board for cloud architecture network design launched by Ruijie Networks. It is applicable to the RG-S8600E series of new generation cloud architecture network core switches. Ruijie Networks M8600E-WS-ED has a command execution vulnerability. An attacker can use the vulnerability to modify the administrator password and leak information.
VAR-201906-1266 No CVE Rockwell Allen-Bradley 1769-L32E CompactLogix EtherNet Processor Has a Denial of Service Vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Rockwell Allen-Bradley 1769-L32E CompactLogix EtherNet Processor is a 1766-L32 series programmable logic controller (PLC). It provides an integrated ControlNet communication port and an integrated Ethernet interface. Rockwell Allen-Bradley 1769-L32E CompactLogix EtherNet Processor has a denial of service vulnerability. An attacker could use the vulnerability to launch a denial of service attack
VAR-201906-0924 CVE-2019-0181 Multiple vulnerabilities in Intel products
CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Both Intel Open Cloud Integrity Technology (CIT) and Intel OpenAttestation are products of Intel Corporation. Intel Open Cloud Integrity Technology is a set of solutions for establishing a hardware root of trust and building a chain of trust between hardware, operating systems, hypervisors, virtual machines, and Docker containers. Intel OpenAttestation is an open source project for managing host integrity verification using the remote attestation protocol defined by the TCG. Input validation error vulnerabilities exist in Intel Open CIT and OpenAttestation. A local attacker could exploit this vulnerability to elevate privileges
VAR-201906-0922 CVE-2019-0179 Multiple vulnerabilities in Intel products
CVSS V2: 3.6
CVSS V3: 4.4
Severity: MEDIUM
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Intel Open Cloud Integrity Technology (CIT) is a set of solutions from Intel Corporation for establishing a hardware root of trust and building a chain of trust between hardware, operating systems, hypervisors, virtual machines, and Docker containers. A security feature issue vulnerability exists in Intel Open CIT where the program does not adequately protect passwords. An attacker could exploit this vulnerability to disclose information