VARIoT IoT vulnerabilities database
| VAR-201905-1325 | No CVE | Memory corruption vulnerability in SAMSoar Developer |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
SAMSoar Developer is configuration software produced by Shenzhen Xiankong Technology Co., Ltd.
SAMSoar Developer has a memory corruption vulnerability when processing ssp project files. Attackers can use this vulnerability to gain control of the user system or crash the program.
| VAR-201905-1338 | No CVE | Display Control Remote HMI has a memory corruption vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Display Control Remote HMI is configuration software produced by Shenzhen Display Control Technology Co., Ltd.
Display Control Remote HMI has a memory corruption vulnerability when processing smc project files. Attackers can use this vulnerability to gain control of the user system or crash the program.
| VAR-201905-1341 | No CVE | Display Control Remote HMI has dll hijacking vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Shenzhen Xiankong Technology is a national high-tech enterprise specializing in R&D, production, sales and service of core products of Industry 4.0.
Display Control Remote HMI has a DLL hijacking vulnerability. An attacker can maliciously load and execute a DLL by constructing a malicious application and placing it in a specific path.
| VAR-201905-1349 | No CVE | xp-builder has dll hijacking vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
xp-builder is XGT HMI editing software.
There is a DLL hijacking vulnerability in xp-builder, which can be used by an attacker to execute malicious code.
| VAR-201905-1348 | No CVE | KGL_WIN has a memory corruption vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
KGL_WIN is PLC programming software.
KGL_WIN has a memory corruption vulnerability when processing kpr project files. Attackers can use this vulnerability to gain control of the user system or crash the program.
| VAR-201905-1339 | No CVE | SKWorkshop has a memory corruption vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
SKWorkshop is configuration software produced by Shenzhen Xiankong Technology Co., Ltd.
SKWorkshop has a memory corruption vulnerability when processing shm project files. Attackers can use this vulnerability to gain control of the user system or crash the program.
| VAR-201905-1351 | No CVE | xp-builder has a memory corruption vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
xp-builder is XGT HMI editing software.
There is a memory corruption vulnerability when xp-builder processes xpd project files. Attackers can use this vulnerability to execute malicious code on user systems.
| VAR-201905-1337 | No CVE | SKTOOL has a memory corruption vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
SKTOOL is configuration software produced by Shenzhen Xiankong Technology Co., Ltd.
SKTOOL has a memory corruption vulnerability when processing skm project files. Attackers can use this vulnerability to gain control of the user system or crash the program.
| VAR-201905-1352 | No CVE | Memory corruption vulnerability in LSIS configuration software |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
LSIS configuration software is configuration software from Lexing Power Generation (Wuxi) Co., Ltd.
A memory corruption vulnerability exists in the LSIS configuration software when processing mce project files. Attackers can use this vulnerability to execute malicious code.
| VAR-201905-1436 | No CVE | DoS Vulnerability in Hitachi IT Operations Director, JP1/IT Desktop Management - Manager and JP1/IT Desktop Management 2 - Manager |
CVSS V2: - CVSS V3: - Severity: - |
A DoS Vulnerability was found in Hitachi IT Operations Director, JP1/IT Desktop Management - Manager and JP1/IT Desktop Management 2 - Manager. Regarding the impact of the vulnerability, please refer to the vendor advisory.
| VAR-201905-1299 | CVE-2019-12167 | Emerson Network Power Liebert Challenger Device cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Liebert Challenger 5.1E0.5 is vulnerable; other versions may also be affected. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.
| VAR-201905-1432 | No CVE | There are binary loopholes between Xiaomi Xiaoai MINI smart speaker and Xiaomi Xiaoai AI smart speaker voice device |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Xiaomi Xiaoai MINI smart speaker and Xiaomi Xiaoai AI smart speaker are both smart speaker products produced by Xiaomi Technology.
There is a binary vulnerability between the Xiaomi Xiaoai MINI smart speaker and Xiaomi Xiaoai AI smart speaker voice device. Attackers can use this vulnerability to obtain the user's voice content.
| VAR-201905-0005 | CVE-2019-4293 | IBM Storwize V7000 Unified Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system. IBM X-Force ID: 160699. IBM Storwize V7000 Unified contains an information disclosure vulnerability. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 160699. Information may be obtained. IBM Storwize V7000 Unified is a virtualized storage device from IBM Corporation of the United States.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
| VAR-201906-0680 | CVE-2019-11983 | HPE Integrated Lights-Out 4 and Integrated Lights-Out 5 Buffer error vulnerability |
CVSS V2: 8.3 CVSS V3: 7.0 Severity: HIGH |
A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39. HP Integrated Lights-Out is prone to the following security vulnerabilities:
1. A buffer-overflow vulnerability
2. Multiple unspecified cross-site scripting vulnerabilities
An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks, or to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. HPE Integrated Lights-Out enables remote monitoring and operation and maintenance of IT assets such as servers. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow or heap overflow.
| VAR-201906-0679 | CVE-2019-11982 | HPE Integrated Lights-Out 4 and Integrated Lights-Out 5 Vulnerable to cross-site scripting |
CVSS V2: 7.6 CVSS V3: 8.3 Severity: HIGH |
A remote cross-site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39. HP Integrated Lights-Out is prone to the following security vulnerabilities:
1. A buffer-overflow vulnerability
2. Multiple unspecified cross-site scripting vulnerabilities
An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks, or to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. HPE Integrated Lights-Out is a set of remote control solutions from Hewlett Packard Enterprise (HPE). This solution enables remote monitoring and operation and maintenance of IT assets such as servers. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.
| VAR-201905-1300 | CVE-2019-12168 | Four-Faith Wireless Mobile Router F3x24 Command injection vulnerability in devices |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen. The Four-Faith Wireless Mobile Router F3x24 contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Four-Faith Wireless Mobile Router F3x24 is a portable wireless mobile router from China's Four-Faith. A code execution vulnerability exists in the Four-Faith Wireless Mobile Router F3x24 v1.0 release, which can be exploited by a remote attacker using the Command Shell interface.
| VAR-201905-1346 | No CVE | DLL hijacking vulnerability in INVT PanelSim |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Shenzhen INVT Electric Co., Ltd. specializes in the fields of industrial automation and energy power.
A DLL hijacking vulnerability exists in INVT PanelSim when processing pl3 project files. Attackers can use the vulnerability to load malicious DLLs and execute malicious code.
| VAR-201905-1342 | No CVE | KUNBUS-GW Ethernet / IP Denial of Service Vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
KUNBUS-GW Ethernet / IP is a programmable logic controller (PLC), which provides an integrated ControlNet communication port and two integrated Ethernet interfaces.
There is a denial-of-service vulnerability in KUNBUS-GW Ethernet / IP. An attacker can use this vulnerability to bring down the device by sending a specific ARP packet.
| VAR-201905-1078 | CVE-2019-11057 | Vtiger CRM In SQL Injection vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications.
| VAR-201906-0355 | CVE-2019-5215 | Huawei P30 Smartphone and P30 Pro Input validation vulnerability |
CVSS V2: 4.3 CVSS V3: 6.8 Severity: MEDIUM |
There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish a connection and transfer data through Huawei Share, an attacker could sniff, spoof and perform a series of operations to intrude on the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper with the data. (Vulnerability ID: HWPSIRT-2019-03109)