VARIoT IoT vulnerabilities database

FANUC CNC products are the core components of CNC machine tools. FANUC CNC has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell. Glory RBW-100 The device firmware contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Glory Global RBW-100 is a banknote collection device from Glory Global

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface. Glory RBW-100 Device firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Glory Global RBW-100 is a banknote collection device from Glory Global

When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CXP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Omron CX-Programmer is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition. Omron CX-Programmer version 9.70 and prior are vulnerable; other versions may also be vulnerable. Both Omron CX-Programmer and Omron Common Components are products of Omron Corporation of Japan. Omron CX-Programmer is a PLC (Programmable Logic Controller) programming software. Omron Common Components is a PLC common component. This product includes PLC tools such as I/O table, PLC memory, PLC system setup, data trace/time graph monitoring, PLC error log, file memory, PLC clock, routing table and data link table. A resource management error vulnerability exists in Omron CX-Programmer 9.70 and earlier and Common Components 2019-1 and earlier. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. Dell EMC IsilonSD Management Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Dell EMC IsilonSD Management Server 1.1.0 is vulnerable; other versions may also be affected. The vulnerability stems from the lack of correct validation of client data in WEB applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dell EMC Product Taxonomy IsilonSD Management Server Role Security Advisory Technically Signed Off by Product Management John Harr Engineering Team Phillip Nordwall Program Management David Geijsbeek Service Product Lead (SDS) Jeremy Johnson DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities Dell EMC Identifier: DSA-2019-031 CVE Identifier: CVE-2019-3708, CVE-2019-3709 Severity: High Severity Rating: Please refer to the Details section below of individual CVSS Scores for each CVE. Link to remedies: Customers can download software from https://download.emc.com/downloads/DL93395_IsilonSD-Management-Server-1.1.1%C2%A0upgrade-package.rpm?source=OLS https://download.emc.com/downloads/DL93394_IsilonSD-Management-Server-1.1.1-installation-package.ova?source=OLS Credit: Dell EMC would like to thank Jarrod Farncomb for reporting these vulnerabilities. Severity Rating For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Legal Information Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://support.emc.com/servicecenter/contactEMC/). Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of bus iness profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAlymVvsACgkQgSlofD2Y i6f5shAAhZ2kxDHP55er+ec7pF3wJDKGc0Ie37NbnATEcWa/X03j7PCagOL6bOkf vee3UQOaYe82atavCsJr6gOd7dq089UQuopObZB4ZXDvi3P62nOUUPCgZHw73rCw LXpSn5RclwYTzMcl1OZaT87XrHAAOvrLlPKnACmFcMdja8aYdp2ILJghMIOPP7Ey pNV4kJJt8Jbf7UDbBtKyENStEjHCbrf0Tuy74akPFNZ/GCZ6iRLfNF0k1nvyyQS2 tTWNkyepzLDgBJ1TC1DWq2WnMbPzg56us5SZc2dR8NI09IkNRlA4TyW2NOShpnJz LRAvWO962ClzrA/dPAKOWTfjS6Y8Dur3stnPiHXGVe+aAdXQmfkN2WzJI6iQ00R5 oPnts3RyZZJ+kZZgjjgh7ntlmp5ZNV15R1mgLfhcjZzdccq/oUImbZkI1TBHSARE i+ZP7w7rTxpYDPGXE4jQgAOh84NRc+sQrzZMTIOgA5EKDjrIMFPZHBWk6EryZnQW /MQywAXy8Dg8H+Mj2iVil0c9/4rmHZLinAQTsXY1fBh/uixJYFo83khAdcla1fSi mvRF14XkDAPOUq1CoiMu/WQucnY45F0BhOFVwmPt/8LoWMdwBpEmRf40Z0u9ZAM1 4246xtcPdSVAXetSYDfp3ATvM0lHiXryoVdEZwy0mem1fb8nv4w= =BOEB -----END PGP SIGNATURE-----

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. Dell EMCIsilonSDManagementServer is a management server for EMCIsilonSD storage from Dell. A cross-site scripting vulnerability exists in Dell EMCIsilonSDManagementServer version 1.1.0, which stems from the lack of proper validation of client data by web applications. Dell EMC IsilonSD Management Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. This may let the attacker steal cookie-based authentication credentials and launch other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dell EMC Product Taxonomy IsilonSD Management Server Role Security Advisory Technically Signed Off by Product Management John Harr Engineering Team Phillip Nordwall Program Management David Geijsbeek Service Product Lead (SDS) Jeremy Johnson DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities Dell EMC Identifier: DSA-2019-031 CVE Identifier: CVE-2019-3708, CVE-2019-3709 Severity: High Severity Rating: Please refer to the Details section below of individual CVSS Scores for each CVE. Link to remedies: Customers can download software from https://download.emc.com/downloads/DL93395_IsilonSD-Management-Server-1.1.1%C2%A0upgrade-package.rpm?source=OLS https://download.emc.com/downloads/DL93394_IsilonSD-Management-Server-1.1.1-installation-package.ova?source=OLS Credit: Dell EMC would like to thank Jarrod Farncomb for reporting these vulnerabilities. Severity Rating For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Legal Information Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://support.emc.com/servicecenter/contactEMC/). Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of bus iness profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAlymVvsACgkQgSlofD2Y i6f5shAAhZ2kxDHP55er+ec7pF3wJDKGc0Ie37NbnATEcWa/X03j7PCagOL6bOkf vee3UQOaYe82atavCsJr6gOd7dq089UQuopObZB4ZXDvi3P62nOUUPCgZHw73rCw LXpSn5RclwYTzMcl1OZaT87XrHAAOvrLlPKnACmFcMdja8aYdp2ILJghMIOPP7Ey pNV4kJJt8Jbf7UDbBtKyENStEjHCbrf0Tuy74akPFNZ/GCZ6iRLfNF0k1nvyyQS2 tTWNkyepzLDgBJ1TC1DWq2WnMbPzg56us5SZc2dR8NI09IkNRlA4TyW2NOShpnJz LRAvWO962ClzrA/dPAKOWTfjS6Y8Dur3stnPiHXGVe+aAdXQmfkN2WzJI6iQ00R5 oPnts3RyZZJ+kZZgjjgh7ntlmp5ZNV15R1mgLfhcjZzdccq/oUImbZkI1TBHSARE i+ZP7w7rTxpYDPGXE4jQgAOh84NRc+sQrzZMTIOgA5EKDjrIMFPZHBWk6EryZnQW /MQywAXy8Dg8H+Mj2iVil0c9/4rmHZLinAQTsXY1fBh/uixJYFo83khAdcla1fSi mvRF14XkDAPOUq1CoiMu/WQucnY45F0BhOFVwmPt/8LoWMdwBpEmRf40Z0u9ZAM1 4246xtcPdSVAXetSYDfp3ATvM0lHiXryoVdEZwy0mem1fb8nv4w= =BOEB -----END PGP SIGNATURE-----

Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A. plural Snapdragon The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm (Qualcomm). The QCPE creation function in several Qualcomm products has an input validation error vulnerability, which originates from the failure of the network system or product to properly validate the input data. The following products are affected: Qualcomm MDM9206; MDM9607; MDM9650; MDM9655; MSM8996AU; SD 410/12; SD 820A

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. Lenovo There are vulnerabilities related to security functions in the system.Information may be tampered with. Lenovo 510-15IKL and others are all desktop computers produced by China Lenovo (Lenovo). This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products. The following products are affected: Lenovo 510-15IKL; 510S-08IKL; IdeaCentre 300-20ISH; IdeaCentre 300S-11ISH; IdeaCentre 510-15ICB;

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack and decrypting intercepted credentials. A successful exploit could allow the attacker to gain access to an affected device with administrator privileges. This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. Cisco Small Business RV320 and Cisco Small Business RV325 are both a VPN router from Cisco in the United States. Cisco Small Business RV320 and Cisco Small Business RV325 have vulnerabilities in encryption problems. Attackers can use this vulnerability to obtain sensitive information. This may lead to other attacks. This issue is being tracked by Cisco Bug ID CSCvp09573

A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service. The vulnerability exists because the Online Help web service of an affected device insufficiently validates user-supplied input. An attacker could exploit this vulnerability by persuading a user of the service to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected service or access sensitive browser-based information.This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue being tracked by Cisco Bug ID CSCvp09589

The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3. Raspberry Pi 3 module B+ Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Raspberry Pi 3 module B+ is an embedded system development board. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component. FortiOS There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Security vulnerabilities exist in Fortinet FortiOS 6.0.2 and prior, 5.6.7 and prior, and 5.4.10 and prior

Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request. Vordel XML Gateway Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Axway Vordel XML Gateway is a French Axway company's XML gateway with threat scanning and traffic control functions

Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. SymantecVIPEnterpriseGateway is an enterprise security gateway product from Symantec Corporation of the United States. A cross-site scripting vulnerability exists in SymantecVIPEnterpriseGateway that stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks

Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. Advantech WebAccess Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a browser-based HMI/SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. An arbitrary file-download vulnerability 2. This may aid in further attacks. Advantech WebAccess 8.3.4 is vulnerable; other versions may also be affected. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. Advantech WebAccess Contains an access control vulnerability.Information may be tampered with. Advantech WebAccess is a browser-based HMI/SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. An arbitrary file-download vulnerability 2. An arbitrary file-upload vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.3.4 is vulnerable; other versions may also be affected. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component. Fortinet FortiSandbox Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. FortinetFortiSandbox is an APT (Advanced Persistent Threat) protection device from Fortinet. The device provides dual sandbox technology, dynamic threat intelligence, real-time control panels and reporting. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content on behalf of the victim on the SharePoint site

Due to missing permissions in Android Manifest file, Sensitive information disclosure issue can happen in PCI RCS app in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660. plural Snapdragon The product contains an access control vulnerability.Information may be obtained. QualcommMDM9607 and others are a central processing unit (CPU) product of Qualcomm. There are access control error vulnerabilities in ContentProtection in several Qualcomm products. An attacker could exploit this vulnerability to gain access to sensitive keypad input data. Qualcomm Closed-Source Components are prone to the following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. Multiple information disclosure vulnerabilities 3. An unauthorized-access vulnerability 5. Multiple denial-of-service vulnerabilities 6. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-114074547,A-119050181,A-122474428,A-114067283,A-119049466,A-119050073,A-119049388,A-119050001,A-119049623,A-119051002,A-119050182,A-119052037,A-122472140,A-112303441 and A-123997497. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions are affected: Qualcomm MDM9206; MDM9607; MDM9650; MSM8909W; MSM8996AU; QCA6574AU; QCS605; SD 210; SD 212; SD 205; SD 712; SD 710; SD 670; SD 730; SD 820; SD 820A; SD 835; SD 845; SD 850; SD 855;

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages. Fortinet FortiOS Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to a heap-based buffer-overflow vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Versions prior to FortiOS 6.0.5 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. A heap buffer overflow vulnerability existed in Fortinet versions prior to FortiOS 6.2.0. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. LLVM (Low Level Virtual Machine) is a framework system of a framework compiler (compiler) developed by the LLVM team. A security vulnerability exists in LLVM components in versions prior to Apple Xcode 10. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements