VARIoT IoT vulnerabilities database


VAR-201903-0456 CVE-2019-6967 AirTies Air5341 Device cross-site request forgery vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. The AirTies Air5341 device contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). AirTies Air5341 is a wireless modem from Airties, Turkey. A cross-site request forgery vulnerability exists in AirTies Air5341 version 1.0.0.12. A remote attacker could exploit this vulnerability to perform unauthorized operations
VAR-201902-0137 CVE-2019-6589 Multiple F5 BIG-IP products vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility. Multiple F5 BIG-IP products contain a cross-site scripting vulnerability. Information may be obtained and altered. F5 BIG-IP TMUI is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Traffic Management User Interface (TMUI) is one of the user management interfaces. A remote attacker can exploit this vulnerability to execute JavaScript code. The following products and versions are affected: F5 BIG-IP LTM version 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP AAM version 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP AFM version 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP Analytics version 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP APM version 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP ASM version 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP DNS version 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP Edge Gateway version 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP FPS version 14.0.0, version 13.0.0 to 13.1
VAR-201902-0127 CVE-2019-6535 Resource exhaustion vulnerability in multiple Mitsubishi Electric Q series products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication. Multiple Mitsubishi Electric Q Series products are vulnerable to resource exhaustion. Service operation may be disrupted (DoS). Mitsubishi Electric MELSEC-Q Series PLCs are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Mitsubishi Electric Q03UDVCPU, etc. are all PLC (programmable logic controller) products of Japan's Mitsubishi Electric. Security flaws exist in several Mitsubishi products. A remote attacker could exploit this vulnerability by sending a specially crafted packet to cause Ethernet to stop communicating. The following products are affected: Mitsubishi Q03UDVCPU; Q04UDVCPU; Q06UDVCPU; Q13UDVCPU; Q26UDPVCPU; Q03UDECPU;
VAR-201904-0178 CVE-2019-6525 Vulnerabilities related to certificate and password management in AVEVA Wonderware System Platform CVSS V2: 4.0
CVSS V3: 8.8
Severity: HIGH
AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account. AVEVA Wonderware System Platform contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). AVEVA Wonderware System Platform is a fast-response control platform from the UK company AVEVA. The platform is mainly used for SCADA and Industrial Internet of Things. A trust management issue vulnerability exists in AVEVA Wonderware System Platform 2017 Update 2 and earlier. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Wonderware System Platform 2017 Update 2 and prior are vulnerable
VAR-201906-0049 CVE-2019-5305 Double free vulnerability in Huawei Mate 10 smartphones CVSS V2: 7.1
CVSS V3: 5.5
Severity: MEDIUM
The image processing module of some Huawei Mate 10 smartphone versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call a special API, which could trigger a double free and cause a system crash. Huawei Mate 10 smartphones contain a double free vulnerability. Service operation may be disrupted (DoS). Huawei Mate 10 is a smartphone product from China's Huawei
VAR-201903-1006 CVE-2018-17944 Information disclosure vulnerability in multiple Lexmark devices CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change. Multiple Lexmark devices contain an information disclosure vulnerability. Information may be obtained. Multiple Lexmark Devices are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following products are affected: Lexmark CX725h; Lexmark CX820; Lexmark CX825; Lexmark CX860; Lexmark XC4150; Lexmark XC6152; Lexmark XC8155;
VAR-201902-0199 CVE-2019-5909 Vulnerabilities with insufficient access restrictions for license manager services of multiple Yokogawa products CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
The license manager services of multiple Yokogawa products have insufficient access restrictions (CWE-302). This vulnerability information was reported to JPCERT/CC by the developer for the purpose of disseminating it to product users, and JPCERT/CC coordinated with the developer and the United States ICS-CERT. A remote third party may create or overwrite any file in any location on the PC where the license manager service runs, with the system authority under which the service executes. Multiple Yokogawa Products are prone to an arbitrary file-upload vulnerability. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. The following Yokogawa products are vulnerable: CENTUM VP R5.01.00 through R6.06.00; CENTUM VP Entry Class R5.01.00 through R6.06.00; ProSafe-RS R3.01.00 through R4.04.00; PRM R4.01.00 through R4.02.00; B/M9000 VP R7.01.01 through R8.02.03. These are all products of Japan's Yokogawa Electric (Yokogawa). ProSafe-RS is a safety instrumented system. License Manager Service is a license management service used in it. A security vulnerability exists in several Yokogawa products due to the program not properly restricting the upload of malicious files
VAR-201901-1694 No CVE Information leakage vulnerability exists in Shenzhen Qiao'an wireless camera CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Shenzhen Qiao An Technology Co., Ltd., as a research and development manufacturer of surveillance cameras, produces and sells Qiao An surveillance, Qiao An surveillance cameras, Qiao An web cameras, Qiao An hard disk video recorders, Qiao An ball machines and so on. The Qiao An wireless camera has an information disclosure vulnerability. An attacker could exploit the vulnerability to obtain video streams from a wireless smart camera without obtaining user permissions.
VAR-201905-1020 CVE-2018-20503 Allied Telesis 8100L/8 Device cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter. The Allied Telesis 8100L/8 device contains a cross-site scripting vulnerability. Information may be obtained and altered. SirsiDynix e-Library is an electronic library system developed by Sirsi Corporation in the United States. A cross-site scripting vulnerability exists in SirsiDynix e-Library version 3.5.x. A remote attacker could exploit this vulnerability to steal cookie-based authentication credentials, take control of the application, access or modify data, or exploit potential vulnerabilities in the underlying database
VAR-201903-0022 CVE-2019-6710 Zyxel NBG-418N v2 Modem Cross-Site Request Forgery Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201901-0163
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. The Zyxel NBG-418N v2 device contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Zyxel NBG-418N v2 Modem is a wireless router from ZyXEL Technology. A cross-site request forgery vulnerability exists in the Zyxel NBG-418N v2 Modem 1.00 (AAXM.6) C0 release that could be exploited by a remote attacker to perform unauthorized operations
VAR-201902-0124 CVE-2019-6523 SQL injection vulnerability in WebAccess/SCADA CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. WebAccess/SCADA contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A SQL injection vulnerability exists in Advantech WebAccess/SCADA version 8.3. A remote attacker can exploit the vulnerability to execute SQL commands by sending a specially crafted request. Advantech WebAccess/SCADA is prone to the following vulnerabilities: 1. Multiple authentication-bypass vulnerabilities 2. An SQL-injection vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
VAR-201902-0123 CVE-2019-6521 Advantech WebAccess/SCADA Authorization Issue Vulnerability CVSS V2: 7.5
CVSS V3: 8.6
Severity: HIGH
WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. WebAccess/SCADA contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following vulnerabilities: 1. Multiple authentication-bypass vulnerabilities 2. An SQL-injection vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
VAR-201902-0122 CVE-2019-6519 WebAccess/SCADA Authentication vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. WebAccess/SCADA contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following vulnerabilities: 1. Multiple authentication-bypass vulnerabilities 2. An SQL-injection vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
VAR-201901-0369 CVE-2019-1668 Cisco SocialMiner Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco SocialMiner contains a cross-site scripting vulnerability. Information may be obtained and altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug ID CSCvi52835, CSCvn50066 and CSCvn59276. Cisco SocialMiner is a set of social media call center solutions from Cisco. The solution supports social media monitoring and analysis capabilities
VAR-201905-0719 CVE-2018-13994 Resource exhaustion vulnerability in multiple PHOENIX CONTACT FL SWITCH products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections. Phoenix Contact FL SWITCH is an industrial Ethernet switch from the Phoenix Contact group in Germany. A denial of service vulnerability exists in Phoenix Contact FL SWITCH 3xxx versions prior to 1.35, 4xxx versions prior to 1.35, and 48xx versions prior to 1.35, which an attacker could exploit by making a large number of WebUI connections. PHOENIX CONTACT FL SWITCH Series are prone to the following security vulnerabilities: 1. A cross-site request-forgery vulnerability. 2. An authentication-bypass vulnerability. 3. Multiple information-disclosure vulnerabilities. 4. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition
VAR-201905-0727 CVE-2018-13993 Phoenix Contact FL SWITCH Cross-Site Request Forgery Vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF. Multiple PHOENIX CONTACT FL SWITCH products contain a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Phoenix Contact FL SWITCH is an industrial Ethernet switch from the Phoenix Contact group in Germany. A cross-site request forgery vulnerability exists in Phoenix Contact FL SWITCH 3xxx versions prior to 1.35, 4xxx versions prior to 1.35, and 48xx versions prior to 1.35, which could be exploited by remote attackers to cause a web browser to pass unexpected commands. PHOENIX CONTACT FL SWITCH Series are prone to the following security vulnerabilities: 1. A cross-site request-forgery vulnerability. 2. An authentication-bypass vulnerability. 3. Multiple information-disclosure vulnerabilities. 4. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition
VAR-201905-0725 CVE-2018-13991 Information disclosure vulnerability in multiple PHOENIX CONTACT FL SWITCH products CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images. PHOENIX CONTACT FL SWITCH Series are prone to the following security vulnerabilities: 1. A cross-site request-forgery vulnerability. 2. An authentication-bypass vulnerability. 3. Multiple information-disclosure vulnerabilities. 4. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition
VAR-201905-0726 CVE-2018-13992 Vulnerabilities related to certificate and password management in multiple PHOENIX CONTACT FL SWITCH products CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default. Multiple PHOENIX CONTACT FL SWITCH products contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). PHOENIX CONTACT FL SWITCH Series are prone to the following security vulnerabilities: 1. A cross-site request-forgery vulnerability. 2. An authentication-bypass vulnerability. 3. Multiple information-disclosure vulnerabilities. 4. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition
VAR-201905-0723 CVE-2018-13990 Authentication vulnerabilities in multiple PHOENIX CONTACT FL SWITCH products CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. Multiple PHOENIX CONTACT FL SWITCH products contain authentication vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). PHOENIX CONTACT FL SWITCH Series are prone to the following security vulnerabilities: 1. A cross-site request-forgery vulnerability. 2. An authentication-bypass vulnerability. 3. Multiple information-disclosure vulnerabilities. 4. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition
VAR-201903-1019 CVE-2018-15532 Information disclosure vulnerability in Synaptics TouchPad driver CVSS V2: 2.1
CVSS V3: 3.8
Severity: LOW
SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses. The Synaptics TouchPad driver contains an information disclosure vulnerability. Information may be obtained. Synaptics TouchPad is prone to a local information-disclosure vulnerability. Attackers can exploit this issue to read portions of kernel memory, resulting in a privilege escalation