VARIoT IoT vulnerabilities database
| VAR-202504-2014 | CVE-2025-2287 | Rockwell Automation of Arena Vulnerability in accessing uninitialized pointers in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. (DoS) It may be in a state. Rockwell Automation Arena is discrete-event simulation and automation software from Rockwell Automation
| VAR-202504-2416 | CVE-2025-2286 | Rockwell Automation of Arena Vulnerability in accessing uninitialized pointers in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. (DoS) It may be in a state. Rockwell Automation Arena is discrete-event simulation and automation software from Rockwell Automation
| VAR-202504-2997 | CVE-2025-2285 | Rockwell Automation of Arena Vulnerability in accessing uninitialized pointers in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. (DoS) It may be in a state. Rockwell Automation Arena is discrete-event simulation and automation software from Rockwell Automation
| VAR-202504-3035 | CVE-2024-50565 | Multiple Fortinet products vulnerable to man-in-the-middle issues |
CVSS V2: - CVSS V3: 3.1 Severity: LOW |
A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device. Fortiweb , FortiVoice , FortiProxy Several Fortinet products, including the above, are vulnerable to man-in-the-middle issues.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202504-4202 | CVE-2024-26013 |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device
| VAR-202504-0715 | CVE-2025-29999 | Siemens License Server Improper Permission Management Vulnerability |
CVSS V2: 6.0 CVSS V3: 6.7 Severity: Medium |
A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation.
This could allow an attacker to execute arbitrary code with administrative privileges by placing a malicious executable in the same directory
| VAR-202504-0719 | CVE-2024-41796 | Siemens' SENTRON 7KT PAC1260 Data Manager Unverified password change vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 6.5 Severity: Medium |
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to change the login password without knowing the current password. In combination with a prepared CSRF attack (CVE-2024-41795) an unauthenticated attacker could be able to set the password to an attacker-controlled value. Siemens' SENTRON 7KT PAC1260 Data Manager The firmware contains an unverified password change vulnerability.Information may be tampered with. Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy consumption management from Siemens, Germany
| VAR-202504-0725 | CVE-2024-41795 | Siemens' SENTRON 7KT PAC1260 Data Manager Cross-site request forgery vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 6.5 Severity: Medium |
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator to click on a malicious link. Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy consumption management from Siemens, Germany.
Siemens SENTRON 7KT PAC1260 Data Manager has a security vulnerability that stems from the web interface of the affected device allowing the login password to be changed without knowing the current password. Combined with a prepared CSRF attack (CVE-2024-441795), an unauthenticated attacker can exploit this vulnerability to set the password to a value controlled by the attacker
| VAR-202504-0723 | CVE-2024-41794 | Siemens' SENTRON 7KT PAC1260 Data Manager Vulnerability related to use of hardcoded credentials in firmware |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: Critical |
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793). Siemens' SENTRON 7KT PAC1260 Data Manager A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany. The vulnerability is caused by the existence of hard-coded credentials
| VAR-202504-0721 | CVE-2024-41793 | Siemens' SENTRON 7KT PAC1260 Data Manager Vulnerability related to lack of authentication for critical functions in firmware |
CVSS V2: 7.8 CVSS V3: 8.6 Severity: High |
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany
| VAR-202504-0722 | CVE-2024-41792 | Siemens' SENTRON 7KT PAC1260 Data Manager Path traversal vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 8.6 Severity: Critical |
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices contains a path traversal vulnerability. This could allow an unauthenticated attacker it to access arbitrary files on the device with root privileges. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany
| VAR-202504-0720 | CVE-2024-41791 | Siemens' SENTRON 7KT PAC1260 Data Manager Vulnerability related to lack of authentication for critical functions in firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: Medium |
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset the device or set the date and time. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany
| VAR-202504-0717 | CVE-2024-41790 | Siemens' SENTRON 7KT PAC1260 Data Manager in the firmware OS Command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: Critical |
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. Siemens' SENTRON 7KT PAC1260 Data Manager The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany
| VAR-202504-0718 | CVE-2024-41789 | Siemens' SENTRON 7KT PAC1260 Data Manager in the firmware OS Command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: Critical |
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. Siemens' SENTRON 7KT PAC1260 Data Manager The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany
| VAR-202504-0724 | CVE-2024-41788 | Siemens' SENTRON 7KT PAC1260 Data Manager in the firmware OS Command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: Critical |
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. Siemens' SENTRON 7KT PAC1260 Data Manager The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany
| VAR-202504-2032 | CVE-2025-20951 |
CVSS V2: - CVSS V3: 5.1 Severity: MEDIUM |
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
| VAR-202504-2622 | CVE-2025-20945 | Samsung's Wear OS Vulnerability in insecure storage of critical information in |
CVSS V2: 2.1 CVSS V3: 4.0 Severity: MEDIUM |
Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software. Samsung Galaxy Watch is a smartwatch that provides multiple features, including fitness tracking, notifications, and mobile payments. The vulnerability is due to improper access control
| VAR-202504-1605 | CVE-2025-21430 | Buffer over-read vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. 315 5g iot modem firmware, APQ8017 firmware, APQ8064AU A buffer over-read vulnerability exists in firmware and other parts of multiple Qualcomm products.Service operation interruption (DoS) It may be in a state
| VAR-202504-2812 | CVE-2025-21429 | Qualcomm's 9206 lte modem Buffer overread vulnerability in multiple firmware and other products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202504-3038 | CVE-2024-45552 | Buffer over-read vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 8.2 Severity: HIGH |
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards. APQ8064AU firmware, fastconnect 6200 firmware, fastconnect 6700 A buffer over-read vulnerability exists in firmware and other parts of multiple Qualcomm products.Information is obtained and service operation is interrupted (DoS) It may be in a state