VARIoT IoT vulnerabilities database

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. * Information disclosure (CWE-200) - CVE-2018-16192 * Stored cross-site scripting (CWE-79) - CVE-2018-16193 * OS command injection (CWE-78) - CVE-2018-16194 * OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195 Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. - CVE-2018-16192 * An arbitrary script may be executed on a logged in user's web browser. - CVE-2018-16193 * An attacker who can log in the device may execute an arbitrary OS command. - CVE-2018-16194 * By having the device to load an invalid parameter using UPnP function, an attacker with access to the device may execute an arbitrary OS command. - CVE-2018-16195. NECAtermWF1200CR and AtermWG1200CR are both router products of NEC

Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. * Information disclosure (CWE-200) - CVE-2018-16192 * Stored cross-site scripting (CWE-79) - CVE-2018-16193 * OS command injection (CWE-78) - CVE-2018-16194 * OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195 Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* An attacker with access to the device may obtain registered information on the device. - CVE-2018-16192 * An arbitrary script may be executed on a logged in user's web browser. - CVE-2018-16193 * An attacker who can log in the device may execute an arbitrary OS command. - CVE-2018-16194 * By having the device to load an invalid parameter using UPnP function, an attacker with access to the device may execute an arbitrary OS command. - CVE-2018-16195. NECAtermWF1200CR and AtermWG1200CR are both router products of NEC

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. * Information disclosure (CWE-200) - CVE-2018-16192 * Stored cross-site scripting (CWE-79) - CVE-2018-16193 * OS command injection (CWE-78) - CVE-2018-16194 * OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195 Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* An attacker with access to the device may obtain registered information on the device. - CVE-2018-16192 * An arbitrary script may be executed on a logged in user's web browser. - CVE-2018-16193 * An attacker who can log in the device may execute an arbitrary OS command. - CVE-2018-16195. NECAtermWF1200CR and AtermWG1200CR are both router products of NEC

In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. The Geutebr\303\274ck E2CameraSeries is an E2 series webcam from Geutebr\303\274ck, Germany. A remote attacker can exploit this vulnerability to inject operating system commands with root privileges. Geutebrück GmbH E2 Series IP Cameras are prone to an OS command-injection vulnerability

Improper directory permissions in the installer for the Intel(R) System Defense Utility (all versions) may allow authenticated users to potentially enable a denial of service via local access. Intel System Defense Utility is a tool for remotely configuring the security of a PC (supporting Intel vPro technology) developed by Intel Corporation. This product is mainly used for security configuration of Intel vPro function and SMB environment. A local attacker could exploit this vulnerability to elevate privileges

Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access. Intel Parallel Studio Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Parallel Studio is a development kit for high-performance applications developed by Intel Corporation. A security vulnerability exists in the installer in versions prior to Intel Parallel Studio 2019 Gold. A local attacker could exploit this vulnerability to elevate privileges

Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access. A local attacker could exploit this vulnerability to elevate privileges

Improper memory handling in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access. Intel QuickAssist Technology for Linux Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel QuickAssist Technology for Linux is a data management technology based on the Linux platform of Intel Corporation of the United States. It is mainly used to enhance the security and compression performance of dynamic data and static data in cloud, network, big data and storage applications. A security vulnerability exists in Intel QuickAssist Technology (all versions) for Linux-based platforms. A local attacker could exploit this vulnerability to cause a denial of service

Improper configuration of hardware access in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access. Intel QuickAssist Technology for Linux Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel QuickAssist Technology for Linux is a data management technology based on the Linux platform of Intel Corporation of the United States. It is mainly used to enhance the security and compression performance of dynamic data and static data in cloud, network, big data and storage applications. A security vulnerability exists in Intel QuickAssist Technology (all versions) for Linux-based platforms. A local attacker could exploit this vulnerability to cause a denial of service

Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest . Medtronic CareLink 2090 Programmer , CareLink 9790 Programmer , 29901 Encore Programmer Contains a cryptographic vulnerability.Information may be obtained. Successfully exploiting this issue may allow attackers to view encrypted data and obtain sensitive information. This may lead to other attacks. An attacker in physical proximity could exploit the vulnerability to gain access to protected health and personally identifiable information stored on the device

PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. PrinterOn Enterprise Contains an input validation vulnerability.Information may be tampered with. PrinterOn Enterprise is a set of secure cloud printing solutions from PrinterOn Canada. The solution supports printing from laptops, desktops, and mobile devices to connected printers. A security vulnerability exists in PrinterOn Enterprise version 4.1.4 due to the fact that the program does not properly check the entered URI. An attacker could exploit this vulnerability to delete arbitrary files on the host system

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell. Dell EMC iDRAC is prone to the following security vulnerabilities: 1. A privilege-escalation vulnerability 2. A local unauthorized-access vulnerability An attacker can exploit this issue to run processes with elevated privileges, gain unauthorized access and execute arbitrary commands with user privileges in context of the affected application. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access. Dell EMC iDRAC7 , iDRAC8 , iDRAC9 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell EMC iDRAC is prone to the following security vulnerabilities: 1. A privilege-escalation vulnerability 2. Dell EMC iDRAC7, iDRAC8 and iDRAC9 are all system management solutions of Dell (Dell) including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems

IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171. Vendors have confirmed this vulnerability IBM X-Force ID: 145171 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. IBM MQ is prone to a denial-of-service vulnerability. IBM DataPower Gateway is a secure and integrated platform designed for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The following versions are affected: IBM DataPower Gateway versions 7.1.0.0 to 7.1.0.22, 7.2.0.0 to 7.2.0.20, 7.5.0.0 to 7.5.0.15, 7.5.1.0 to 7.5.1.14, 7.5. Version 2.0 to version 7.5.2.14, version 7.6.0.0 to version 7.6.0.7, version 7.7.0.0 to version 7.7.1.0

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887. IBM DataPower Gateway Contains a cross-site scripting vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 144887 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. The following versions of product are vilnerable: IBM DataPower Gateway 7.6.0.0 through 7.6.0.9 IBM DataPower Gateway 7.5.2.0 through 7.5.2.16 IBM DataPower Gateway 7.5.1.0 through 7.5.1.16 IBM DataPower Gateway 7.5.0.0 through 7.5.0.17. IBM DataPower Gateway is the United States IBM The company's set of dedicated to mobile, cloud, application programming interface ( API ), network, service-oriented architecture ( SOA ), B2B A secure and integrated platform designed for cloud and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform. The following versions are affected: IBM DataPower Gateways 7.6.0.0 version to 7.6.0.9 Version, 7.5.2.0 version to 7.5.2.16 Version, 7.5.1.0 version to 7.5.1.16 Version, 7.5.0.0 version to 7.5.0.17 Version

On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files. plural F5 The product contains an information disclosure vulnerability.Information may be obtained. F5 BIG-IP SNMP is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information. This may lead to other attacks. F5 BIG-IP and so on are all products of F5 Company in the United States. F5 BIG-IP is an all-in-one network device that integrates functions such as network traffic management, application security management, and load balancing. Enterprise Manager is a tool that provides visibility into the entire BIG-IP application delivery infrastructure and optimizes application performance. BIG-IQ is a software-based cloud management solution. Security flaws exist in several F5 products. Attackers can exploit this vulnerability to obtain plaintext passwords and intrude into SNMP monitoring devices. The following products and versions are affected: F5 BIG-IP Version 14.0.x, Version 13.x, Version 12.x, Version 11.x; Enterprise Manager Version 3.1.1; BIG-IQ Version 6.x, Version 5.x , 4.x version; iWorkflow 2.x version

A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. At the time of advisory publication no public exploitation of this vulnerability was known. TIM 1531 IRC Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens TIM 1531 IRC is a communication module from Siemens AG, Germany. A security vulnerability exists in a version of the Siemens TIM 1531 IRC 2.0 that was caused by a device failing to authenticate properly when connecting on a 102/tcp port. This may aid in further attacks

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. SAP NetWeaver AS Java 7.10 ,7.11, 7.20, 7.30, 7.31, 7.40 and 7.50 are vulnerable

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A heap buffer overflow vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities: 1. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 5900/tcp. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. An integer overflow vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities: 1. A heap based buffer-overflow vulnerability. 2. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc