VARIoT IoT vulnerabilities database

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files. ABB CP635 HMI Vulnerabilities related to certificate validation exist in the firmware and software components of.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABBCP635HMI is a human-machine interface control panel from ABB, Switzerland. A security vulnerability exists in ABBCP635HMI due to the failure of the transport method to use any form of encryption or the reliability check of the binary of the new HMI software. An attacker could exploit the vulnerability to control the HMI or execute arbitrary code on the system. Multiple ABB Products are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Successful exploits will lead to other attacks. ABB CP635 HMI and CP651 HMI could allow a remote malicious user to execute arbitrary code on the system, caused by the lack of encryption for transmission methods

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Cisco Industrial Network Director Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This issue is being tracked by Cisco bug ID CSCvm20474. The system realizes automatic management through visual operation of industrial Ethernet infrastructure. The vulnerability stems from the failure of the network system or product to properly validate the input data

A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface or allow the attacker to access sensitive browser-based information. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvo85826. Cisco Enterprise Chat and Email (CEC) is a suite of enterprise chat and email solutions from Cisco. This product mainly provides e-mail, chat and Web callback functions for other Cisco solutions. The vulnerability stems from the lack of correct validation of client data in WEB applications

There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007. HedEx Lite Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Huawei HedEx Lite is a product document manager of China Huawei (Huawei). This product supports functions such as product document download, management and reading. The vulnerability stems from the lack of correct validation of client data in WEB applications

Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. The LogitechR700LaserPresentationRemoteR-R0010 is a wireless demonstration remote control from Logitech, Switzerland. An injection vulnerability exists in the LogitechR700LaserPresentationRemoteR-R0010. The vulnerability stems from the user's input of constructing commands, data structures, or records. The network system or product lacks proper verification of user input data, unfiltered or improperly filtered out special elements, resulting in system or product resolution or The explanation is wrong. Wrong way of interpreting. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-015 Product: R700 Laser Presentation Remote Manufacturer: Logitech Affected Version(s): Model R-R0010 (PID WD904XM and PID WD802XM) Tested Version(s): Model R-R0010 (PID WD904XM and PID WD802XM) Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345) Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification: 2019-04-12 Solution Date: - Public Disclosure: 2019-06-04 CVE Reference: CVE-2019-12506 Author of Advisory: Matthias Deeg (SySS GmbH) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: Logitech R700 Laser Presentation Remote is a wireless presenter using 2.4 GHz radio communication. By knowing the used data protocol, it is possible to inject packets in the data communication that are actually interpreted as keystrokes by the receiver on the target system. The following output of the developed proof-of-concept software tool illustrates a successful attack: # python2 logitech_presenter.py -a 7F:20:9E:C2:07 _____ ______ ___ _ _ _____ _ _ | __ \| ____|__ \| || | | __ \| | | | _ __ | |__) | |__ ) | || |_ | |__) | | __ _ _ _ ___ ___| |_ | '_ \| _ /| __| / /|__ _| | ___/| |/ _` | | | / __|/ _ \ __| | | | | | \ \| | / /_ | | | | | | (_| | |_| \__ \ __/ |_ |_| |_|_| \_\_| |____| |_| |_| |_|\__,_|\__, |___/\___|\__| __/ | |___/ Logitech Wireless Presenter Attack Tool v1.0 by Matthias Deeg - SySS GmbH (c) 2016 [*] Configure nRF24 radio [*] Actively searching for address 07:C2:9E:20:7F [*] Ping success on channel 8 [*] Ping success on channel 8 [*] Press <CTRL+C> to start keystroke injection ^C [*] Start keystroke injection ... [*] Done. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: SySS GmbH is not aware of a solution for this reported security vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclosure Timeline: 2019-04-12: Vulnerability reported to manufacturer 2019-06-04: Public release of security advisory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: [1] Product website for Logitech R700 https://www.logitech.com/en-roeu/product/professional-presenter-r700 [2] Product website for Crazyradio PA https://www.bitcraze.io/crazyradio-pa/ [3] Bastille's nRF24 research firmware and tools https://github.com/BastilleResearch/nrf-research-firmware [4] SySS Security Advisory SYSS-2016-074 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-074.txt [5] SySS Security Advisory SYSS-2019-015 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt [6] SySS Responsible Disclosure Policy https://www.syss.de/en/responsible-disclosure-policy/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Credits: This security vulnerability was found by Matthias Deeg of SySS GmbH. E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlz03CQACgkQ2aS/ajSt TauaVw/8CVXlyjP8Y1ngNcAzZzq+THJb5wRsjpe7bMdD3mEi3AQTxt9y+REQO95k xP+D2LvgCopG1k7opQ6iH+4nmgOmy2cYx9XhitBHTr/QZ6xKgCm/eTtNGMrTT2pF SS+/n/5dbPTwQk2VXi0py+QMxp+21u/vt/ftmQYPy2lMqcVftJ/G/ANzxUQEFy7D Nk/tNg6ev68JmarCKu0c0vDMghW8mnt1tQVe1yxjHs7zDYJVkUCwT/iHPbQ1Wbfq uJ5TAvZ/czMoSeGBl0H1vrPnU855MOjIwPJcrQJj9eMFdPilTir9svEw4+ngYxv8 55yMagHYPUUs/OiluPfSoXagw+f6bQZQi7YBhCMo3DVUFZbDij9r+kpijOMD8oEB b/76A8B+rfyjpzOm1A6eR3qFfTP65XXVZyd8+Rb7K/zyPoXoSS4WbMnpyGQ+BiWP 9VsrOshEeO3EqetVbgQURbzvs9FZjPRPBurF1y5ujrYksIs+LdQzoqlMR6r+EHTd Atzr10S6W7usTwtvl97luEteOrmjv2lgPpLz0R7bLhSyOJo+mCl75CunKDaWIyPm zTW+v5wWNcrEiTQyP/zmahkZO3YXKOqXlaLE9rs2Q2V9uuimenCR7MIoKHNLtKiv +lHVKdRMw2Cqmet/sTpRWSYGPnxm/DbxVyy8YUCZl/iDTyEQHAk= =8Kcd -----END PGP SIGNATURE-----

Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. Inateck WP2002 Contains vulnerabilities related to insufficient validation of data reliability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. InateckTechnologyInateckWP2002 is a wearable wireless demonstration remote control from InateckTechnology of the United States. A data forgery vulnerability exists in InateckTechnologyInateckWP2002. The vulnerability stems from a network system or product that does not adequately verify the source or authenticity of the data. Attackers can use fake data to attack. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-008 Product: 2.4 GHz Wearable Wireless Presenter WP2002 Manufacturer: Inateck Affected Version(s): n/a Tested Version(s): n/a Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345) Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification: 2019-03-22 Solution Date: - Public Disclosure: 2019-06-04 CVE Reference: CVE-2019-12504 Author of Advisory: Matthias Deeg (SySS GmbH) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: Inateck WP2002 is a ring-shaped wearable wireless presenter using 2.4 GHz radio communication. The manufacturer describes the product as follows: " * Easy to Use: Uses 2.4 GHz USB wireless connection, with receiving distance reaching 20 meters. You\x92re free to move in a large space when wearing it on fingers. No driver needed, just plug and play! * Ring-shaped design. You can wear it on your fingers (the ring is adjustable). Free your hands and have more body language, which will let your speech become more attractive. * Multi-functional: By controlling the three function keys in control key area, you can turn pages, open full screen, close the screen, and access a hyperlink. * Prolonged working use. Full charge allows a continuous working time of 15 days. Battery life is powerful, which greatly facilitates frequent use. * Fits Powerpoint, Keynote(except hyperlink and windows switch functions), and supports page turning function with Google Slides and Prezi. Compatible with Windows XP/7/8/8.1/10, Mac OS, Linux, Android and etc. By knowing the used data protocol, it is possible to inject packets in the data communication that are actually interpreted as keystrokes by the receiver on the target system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Proof of Concept (PoC): SySS GmbH could successfully perform keystroke injection attacks against the wireless presenter Inateck WP2002 using the open-source software tool Universal Radio Hacker [2] in combination with the software-defined radio HackRF One [3]. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: SySS GmbH is not aware of a solution for this reported security vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclosure Timeline: 2019-03-22: Vulnerability reported to manufacturer 2019-06-04: Public release of security advisory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: [1] Product website for Inateck WP2002 https://www.inateck.com/de/kabellos-praesentationsgeraet-laiserpointer-presenter-fernbedienung-powerpoint-keynote-usb-adapter-plug-and-play-schwarz-wp2002.html [2] Universal Radio Hacker (URH) https://github.com/jopohl/urh [3] HackRF One by Great Scott Gadgets https://greatscottgadgets.com/hackrf/ [4] SySS Security Advisory SYSS-2019-008 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-008.txt [5] SySS Responsible Disclosure Policy https://www.syss.de/en/responsible-disclosure-policy/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Credits: This security vulnerability was found by Matthias Deeg of SySS GmbH. E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlz026AACgkQ2aS/ajSt Tat6lg/+MQTKSUU+x1a3pW14hk2EdcKwxNOxhZWTGIpRNV1fDM/vH4Nqki/csVY4 ymi0i5g3XfJIFmv6CBsBOCw+CFCwde2Al0WZjdEgo+U83ObwfKMO96AV7U4Aed/2 +UoutKUJf3i/DAKZvI7ucWIn87BINORjZOvbjsqIowDeTEnj6UMSx4tACcxoeMoI l7+KhJsCpfxLemFpFv9qdIwyNuirOVAEmcDA2U7jtowNMGcZAe/EtnwbIGg1/hXU 3OViS9aZ55saVMvQR2Lfo8ZlVTS7t3NfNgv4/5Dxme2zhFEQWuJY97D18kPFr5/W BHC2pPKF7g/tZRbxF9MJnqtzrCU573tFCwaFXilNOY3hESAB7GTF14gAN8hcPAdv LiTXH5CCGL9IsQgOGJoJVY0LrBTdFbCqkR1WdCIJdkwP5/dSXCwfQ0eefH5cOrOG ie7UJBAyNTfmzwqJunkNr/l31tBBCCJadIATMh0o/dzEd5/nBq3ZH8CnrKvlarVl JQPgerPglaKM5bveOXo/FEtU0HT+nPqpBwxImJBxXWjzzOVuyZZn0/OW4U08qVYs iDBKbeG1WppPDaFCTDgVEccZH4UDcSVzJuEGiX9wocWJnQqTFHXqKkmxaMPAeTgZ VAU6Lu3MTMdjeqyhIjk6j5BqEJmfMawCduZJSTbcotXJ0eqL6V0= =QvHb -----END PGP SIGNATURE-----

Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. Inateck WP1001 Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. InateckTechnologyWP1001 is a wireless demonstration remote control from InateckTechnology of the United States. A data forgery vulnerability exists in the InateckTechnology WP1001v1.3C release. The vulnerability stems from a network system or product that does not adequately verify the source or authenticity of the data. Attackers can use fake data to attack. A remote attacker could exploit this vulnerability by sending arbitrary keystrokes to take control of a user's computer. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-007 Product: 2.4 GHz Wireless Presenter WP1001 Manufacturer: Inateck Affected Version(s): Rev. v1.3C Tested Version(s): Rev. v1.3C Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345) Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification: 2019-03-22 Solution Date: - Public Disclosure: 2019-06-04 CVE Reference: CVE-2019-12505 Author of Advisory: Matthias Deeg (SySS GmbH) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: Inateck WP1001 is a wireless presenter using 2.4 GHz radio communication. The manufacturer describes the product as follows: "* 2.4GHz Wireless Connection allows you to move around while giving presentations * Fingertip Controls make it easy for you to adjust the volume, change slides and more * Red Laser Pointer words up to 65 feet(20m) away * LCD Screen with timer vibration and low-battery indicator * Includes Carrying Case to help protect your device on the go " Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 is prone to keystroke injection attacks. By knowing the used data protocol, it is possible to inject packets in the data communication that are actually interpreted as keystrokes by the receiver on the target system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Proof of Concept (PoC): SySS GmbH could successfully perform keystroke injection attacks against the wireless presenter Inateck WP1001 using the open-source software tool Universal Radio Hacker [2] in combination with the software-defined radio HackRF One [3]. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: SySS GmbH is not aware of a solution for this reported security vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclosure Timeline: 2019-03-22: Vulnerability reported to manufacturer 2019-06-04: Public release of security advisory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: [1] Manufacturer website https://www.inateck.com/ [2] Universal Radio Hacker (URH) https://github.com/jopohl/urh [3] HackRF One by Great Scott Gadgets https://greatscottgadgets.com/hackrf/ [4] SySS Security Advisory SYSS-2019-007 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-007.txt [5] SySS Responsible Disclosure Policy https://www.syss.de/en/responsible-disclosure-policy/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Credits: This security vulnerability was found by Matthias Deeg of SySS GmbH. E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlz025gACgkQ2aS/ajSt TatunQ//YoiAlodwqo5Hn3bHfYKWvMPr2MElC8ftXH8z2oHSPQZkWAK+MXfBECol mLFV7GjkVgE1sOleU2REd6CzFGT5Gc0SyK2QoAqXnlI4xPVd5mDQvp3MaH20o8QH 1afyM2xiJ3Q0dJOhhKlLS7WNLd2cJVr9tPaL79xR3Ef37GgkBHj6/jCcDl6qW4EJ QJImXtTKUsnm3bvCMluquHnM1X+Fn+goScKiuwTbwo58PF8isdSPvHkZpdedtm50 A/LPMHSudXsQdI40VUqSvSmi7wzJ414B05mTogj1ChAfGVPJv2WCH7gW029j/KUE B/ialuSSVjUFIHFjs/sxseRuJ4nXLhkXoSuial5ktUa1fVJA+mJxj2R5j8ZNwSO8 1C0TCiWx1hT1yR2nqANSO8D+FL05v8XkO60oR1BMnta6ssAYz3qCDUxb69GC+i27 UC9KxnQso0BYBBVeMTpFZhImB2AV7/WRrUQKgaLZScj2QGUuTt0A4oZVfr+7wR5l 6quxbsa/I0XMuXjuC955N3uK7R4ZzIBUaa7qroj/2oPA5Fca7c3XPfCJA3v3RcYf ndPL/mp6d9NybS9v1dzmldmVq++WMSkgUYva9/lsNVQb2RhmoQyyAH1wlUYiM9Vm YGioWAVwQy0hY30ghOwRXslbtWhDOP6wb12vML4FTWjwx9YWlR0= =DtEQ -----END PGP SIGNATURE-----

An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity. Phoenix Contact AXC F 2152 and AXC F 2152 STARTERKIT The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Phoenix Contact PLCNext AXC F 2152 is a programmable logic controller from Phoenix Contact, Germany. An information-disclosure vulnerability. 2. An authentication-bypass vulnerability. 3. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, perform unauthorized actions and crash the service, denying service to legitimate users

On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary. The issue can be triggered via malformed RTSP requests that lead to an invalid memory read. To exploit the vulnerability, an attacker must craft an RTSP request with a large number of headers. Ubiquiti airCam The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Ubiquiti Networks airCam is a network camera from Ubiquiti Networks. The vulnerability stems from the failure of the network system or product to properly validate the input data

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. Geutebruck IP Camera G-Code and G-Cam for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück. Geutebrück G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior G-Cam EBC-21xx version 1.12.0.25 and prior G-Cam EFD-22xx version 1.12.0.25 and prior G-Cam ETHC-22xx version 1.12.0.25 and prior G-Cam EWPC-22xx version 1.12.0.25 and prior

Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107). Vendors have confirmed this vulnerability HWPSIRT-2019-04107 It is released as.Information may be obtained and information may be altered. (NAS COUNT)

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser. Geutebruck IP Camera G-Code and G-Cam Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück. Geutebrück G-Cam and G-Code have cross-site scripting vulnerabilities. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. Geutebruck G-Cam and G-Code are prone to an HTML-injection vulnerability and multiple OS command-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior G-Cam EBC-21xx version 1.12.0.25 and prior G-Cam EFD-22xx version 1.12.0.25 and prior G-Cam ETHC-22xx version 1.12.0.25 and prior G-Cam EWPC-22xx version 1.12.0.25 and prior

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. Geutebruck IP Camera G-Code and G-Cam In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück. Geutebrück G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior G-Cam EBC-21xx version 1.12.0.25 and prior G-Cam EFD-22xx version 1.12.0.25 and prior G-Cam ETHC-22xx version 1.12.0.25 and prior G-Cam EWPC-22xx version 1.12.0.25 and prior

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation. Failed exploit attempts will likely cause a denial-of-service condition. The solution supports online diagnosis, system operation detection, equipment management, etc

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request. Failed exploit attempts will likely cause a denial-of-service condition. The solution supports online diagnosis, system operation detection, equipment management, etc. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. IceWarpMailServer is a mail server product from IceWarp, USA. The product supports email archiving, SmartAttach attachments, automatic migration, and more. The vulnerability stems from a network system or product failing to properly filter specific elements in a resource or file path. An attacker could exploit this vulnerability to access a location outside of a restricted directory

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device. ExaGrid The appliance firmware contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ExaGrid appliances are a disk backup application. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories

XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage.. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120486477, A-120485121, A-120487163, A-122473494, and A-123998003. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm (Qualcomm). An access control error vulnerability exists in several Qualcomm products. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130. plural Snapdragon The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120486477, A-120485121, A-120487163, A-122473494, and A-123998003

Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains a vulnerability related to environment settings.Information may be obtained. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120486477, A-120485121, A-120487163, A-122473494, and A-123998003. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm (Qualcomm). A configuration error vulnerability exists in several Qualcomm products