VARIoT IoT vulnerabilities database


VAR-201810-0568 CVE-2018-15376 Cisco IOS for Cisco 800 Series Industrial Integrated Services Routers vulnerability allowing arbitrary values to be written to arbitrary locations
CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device. Cisco 807, 809, and 829 Industrial Integrated Services Routers are all Cisco router products. IOS Software is the operating system that Cisco runs for its network devices.
VAR-201810-0567 CVE-2018-15375 Cisco IOS for Cisco 800 Series Industrial Integrated Services Routers vulnerability allowing arbitrary values to be written to arbitrary locations
CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device. Cisco 807, 809, and 829 Industrial Integrated Services Routers are router products of Cisco. IOS Software is the operating system that Cisco runs for its network devices.
VAR-201809-1329 No CVE Command execution vulnerability in HP Color LaserJet Pro M252 series
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP Color LaserJet Pro M252 is a color laser printer manufactured by HP Trading (Shanghai) Co., Ltd. The HP Color LaserJet Pro M252 series has a command execution vulnerability that could allow an attacker to execute remote commands.
VAR-201810-0871 CVE-2018-11064 Dell EMC Unity OE and UnityVSA OE permissions vulnerability
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contain an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability. Multiple EMC Unity products are prone to a local privilege-escalation vulnerability. The following versions are vulnerable: EMC Unity Operating Environment 4.3.0.x and 4.3.1.x; EMC UnityVSA Operating Environment 4.3.0.x and 4.3.1.x. UnityVSA is another version of it. This vulnerability may potentially be exploited by malicious local users to compromise the affected system. Customers can refer to Dell EMC target code information at: https://support.emc.com/docu39695_Target_Revisions_and_Adoption_Rates.pdf?language=en_US&language=en_US. Link to remedies: Registered Dell EMC Support customers can download Unity software from the EMC Online Support web site (https://support.emc.com/downloads/39949_Dell-EMC-Unity-Family). Severity Rating: For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.
VAR-201809-0158 CVE-2018-14824 Delta Electronics Delta Industrial Automation PMSoft out-of-bounds read vulnerability
CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be triggered when processing project files, which may allow an attacker to read confidential information. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
VAR-201810-0387 CVE-2018-14798 Fuji Electric FRENIC LOADER out-of-bounds read vulnerability
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files, which may allow for information disclosure. Fuji Electric FRENIC Loader and others are inverters of Fuji Electric Corporation of Japan. An out-of-bounds read vulnerability exists in several Fuji Electric products. Multiple Fuji Electric FRENIC devices are prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application, or obtain sensitive information. The following products and versions are affected: Fuji Electric FRENIC Loader version 3.3; FRENIC-Mini (C1) version 7.3.4.1a; FRENIC-Mini (C2) version 7.3.4.1a; FRENIC-Eco version 7.3.4.1a; FRENIC-Multi version 7.3.4.1a; FRENIC-MEGA version 7.3.4.1a; FRENIC-Ace version 7.3.4.1a.
VAR-201809-1085 CVE-2018-7107 HPE Device Entitlement Gateway SQL injection vulnerability
CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege.
VAR-201810-0389 CVE-2018-14802 Fuji Electric FRENIC LOADER buffer error vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments, which may allow for arbitrary remote code execution. Fuji Electric FRENIC LOADER contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fuji Electric FRENIC Loader and others are inverters of Fuji Electric Corporation of Japan. A stack buffer overflow vulnerability exists in several Fuji Electric products because the program fails to properly check user-submitted comments. Multiple Fuji Electric FRENIC devices are prone to multiple security vulnerabilities. The following products and versions are affected: Fuji Electric FRENIC Loader version 3.3; FRENIC-Mini (C1) version 7.3.4.1a; FRENIC-Mini (C2) version 7.3.4.1a; FRENIC-Eco version 7.3.4.1a; FRENIC-Multi version 7.3.4.1a; FRENIC-MEGA version 7.3.4.1a; FRENIC-Ace version 7.3.4.1a.
VAR-201809-1096 CVE-2018-9078 Vulnerabilities related to security functions in multiple Lenovo product devices
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares, and an uploaded image is rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file. Iomega, Lenovo, and LenovoEMC NAS devices contain vulnerabilities related to security functions. Information may be obtained or altered, and service operation may be disrupted (DoS). Lenovo Iomega StorCenter px12-450r and others are all storage devices from Lenovo of China. There are security vulnerabilities in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier versions. An attacker could exploit this vulnerability to elevate privileges by uploading an SVG image with arbitrary JavaScript code. The following products are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl, EZ Media & Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media & Backup Center.
VAR-201809-1099 CVE-2018-9081 Cross-site scripting vulnerability in multiple Lenovo products
CVSS V2: 2.6
CVSS V3: 4.7
Severity: MEDIUM
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file names used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting (self-XSS). As a result, adversaries can add files to shares accessible from the Content Viewer with a cross-site scripting payload in the file name, and wait for a user to try to rename the file for their payload to trigger. Iomega, Lenovo, and LenovoEMC NAS devices contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Lenovo Iomega StorCenter px12-450r and others are all storage devices from Lenovo of China. A cross-site scripting vulnerability exists in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier. A remote attacker could exploit this vulnerability to elevate privileges by adding a file. The following products and versions are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl, EZ Media & Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media & Backup Center.
VAR-201809-1087 CVE-2018-9075 Command injection vulnerability in multiple Lenovo product devices
CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. Iomega, Lenovo, and LenovoEMC NAS devices contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Lenovo Iomega StorCenter px12-450r and others are all storage devices from Lenovo of China. There are security vulnerabilities in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier versions. The following products are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl, EZ Media & Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media & Backup Center.
VAR-201809-1089 CVE-2018-9077 Command injection vulnerability in multiple Lenovo product devices
CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. Iomega, Lenovo, and LenovoEMC NAS devices contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Lenovo Iomega StorCenter px12-450r and others are all storage devices from Lenovo of China. There are security vulnerabilities in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier versions. The following products are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl, EZ Media & Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media & Backup Center.
VAR-201809-1088 CVE-2018-9076 Command injection vulnerability in multiple Lenovo product devices
CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. Iomega, Lenovo, and LenovoEMC NAS devices contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Lenovo Iomega StorCenter px12-450r and others are all storage devices from Lenovo of China. There are security vulnerabilities in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier versions. An attacker can use the 'value __c' and 'iomega' parameters to exploit this vulnerability to execute arbitrary commands as root. The following products are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl, EZ Media & Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media & Backup Center.
VAR-201810-0384 CVE-2018-14788 Fuji Electric Alpha5 Smart Loader buffer error vulnerability
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types. Fuji Electric Alpha5 Smart Loader is a servo motor product of Fuji Electric of Japan. An attacker can exploit these issues to execute arbitrary code in the context of the application, or obtain sensitive information.
VAR-201810-0393 CVE-2018-14808 Emerson AMS Device Manager access control vulnerability
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products. An attacker can exploit these issues to gain elevated privileges, bypass certain security restrictions and perform unauthorized actions.
VAR-201810-0390 CVE-2018-14804 Emerson AMS Device Manager code injection vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. Emerson AMS Device Manager contains a code injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The software provides predictive diagnostics, equipment configuration management, and more. An attacker can exploit these issues to gain elevated privileges, bypass certain security restrictions and perform unauthorized actions.
VAR-201810-0386 CVE-2018-14794 Fuji Electric Alpha5 Smart Loader buffer error vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer. Fuji Electric Alpha5 Smart Loader contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fuji Electric Alpha5 Smart Loader is a servo motor product of Fuji Electric of Japan. A heap buffer overflow vulnerability exists in Fuji Electric Alpha5 Smart Loader 3.7 and earlier. An attacker can exploit the vulnerability to execute code.
VAR-201810-0385 CVE-2018-14790 Fuji Electric FRENIC LOADER buffer error vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device. Fuji Electric FRENIC LOADER contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fuji Electric FRENIC Loader and others are inverters of Fuji Electric Corporation of Japan. Multiple Fuji Electric FRENIC devices are prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application, or obtain sensitive information. The following products and versions are affected: Fuji Electric FRENIC Loader version 3.3; FRENIC-Mini (C1) version 7.3.4.1a; FRENIC-Mini (C2) version 7.3.4.1a; FRENIC-Eco version 7.3.4.1a; FRENIC-Multi version 7.3.4.1a; FRENIC-MEGA version 7.3.4.1a; FRENIC-Ace version 7.3.4.1a.
VAR-201809-1081 CVE-2018-7103 HPE Intelligent Management Center Wireless Services Manager Software input validation vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02. The solution provides network-wide visibility for comprehensive management of resources, services and users. Wireless Services Manager (WSM) Software is a wireless service management software package. A remote attacker could use the 'username' parameter to exploit this vulnerability to execute arbitrary code.
VAR-201809-1082 CVE-2018-7104 HPE Intelligent Management Center Wireless Services Manager Software input validation vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02. The solution provides network-wide visibility for comprehensive management of resources, services and users. Wireless Services Manager (WSM) Software is a wireless service management software package. The vulnerability is caused by the program not validating the length of user-submitted data before copying it into a fixed-length stack-based buffer. A remote attacker could exploit this vulnerability to execute arbitrary code.