VARIoT IoT vulnerabilities database
| VAR-201812-0417 | CVE-2018-0723 | Cross-site scripting vulnerability in Q'center Virtual Appliance |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0724. Information may be obtained and altered. QNAP Q'center Virtual Appliance is a virtual appliance used by QNAP Systems to deploy Q'center (the QNAP NAS management platform) in virtual environments such as Microsoft Hyper-V, VMware ESXi and Workstation.
| VAR-201812-0714 | CVE-2018-20404 | VIA Technologies EPIA-E900 Input validation vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
ETK_E900.sys, a SmartETK driver for the VIA Technologies EPIA-E900 system board, is vulnerable to a denial-of-service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary (uncontrollable) address, resulting in an eternal hang or a BSoD. VIA Technologies EPIA-E900 contains an input validation vulnerability. Service operation may be interrupted (DoS). The VIA Technologies EPIA-E900 system board is an embedded Pico-ITX motherboard from VIA Technologies. The ETK_E900.sys SmartETK driver is one of its drivers. A security vulnerability exists in the ETK_E900.sys SmartETK driver for VIA Technologies EPIA-E900 system motherboards. An attacker could exploit this vulnerability to cause a denial of service.
| VAR-201812-0775 | CVE-2018-20444 | Certificate and password management vulnerability in Technicolor CGA0111 devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. The Technicolor CGA0111 device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor CGA0111 is a cable modem of the French Technicolor Group.
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU has a security vulnerability.
| VAR-201812-0739 | CVE-2018-20439 | Certificate and password management vulnerability in Technicolor DPC3928SL devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. The Technicolor DPC3928SL device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor DPC3928SL is a cable modem of the French Technicolor Group.
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a version has a security vulnerability.
| VAR-201812-0774 | CVE-2018-20443 | Certificate and password management vulnerability in Technicolor TC7200.d1I devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. The Technicolor TC7200.d1I device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor TC7200.d1I is a cable modem of the French Technicolor Group.
Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT has a security vulnerability.
| VAR-201812-0740 | CVE-2018-20440 | Certificate and password management vulnerability in Technicolor CWA0101 devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. The Technicolor CWA0101 device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor CWA0101 is a cable modem of the French Technicolor Group.
Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC version has a security vulnerability.
| VAR-201812-0741 | CVE-2018-20441 | Certificate and password management vulnerability in Technicolor TC7200.TH2v2 devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. The Technicolor TC7200.TH2v2 device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor TC7200.TH2v2 is a cable modem of the French Technicolor Group.
Technicolor TC7200.TH2v2 SC05.00.22 has a security vulnerability.
| VAR-201812-0738 | CVE-2018-20438 | Certificate and password management vulnerability in TC7110.AR devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. The TC7110.AR device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor TC7110.AR is a cable modem of the French Technicolor Group.
Technicolor TC7110.AR STD 3.38.03 has a security vulnerability.
| VAR-201812-0773 | CVE-2018-20442 | Certificate and password management vulnerability in Technicolor TC7110.B devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. The Technicolor TC7110.B device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor TC7110.B is a cable modem from Technicolor Group.
Technicolor TC7110.B STC8.62.02 has a security vulnerability.
| VAR-201812-0776 | CVE-2018-20445 | Certificate and password management vulnerability in D-Link DCM-604 and DCM-704 devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests. The D-Link DCM-604 and DCM-704 devices contain a certificate and password management vulnerability. Information may be obtained or altered, and a denial of service (DoS) may result. The D-Link DCM-604 and DCM-704 are both D-Link wireless router products. A security vulnerability exists in the D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 versions.
| VAR-201901-0794 | CVE-2018-16196 | Denial-of-service (DoS) vulnerability in Yokogawa Electric Vnet/IP Open Communication Driver |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allow remote attackers to cause a denial of service that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors. The Vnet/IP Open Communication Driver provided by Yokogawa Electric Corporation contains a denial-of-service (DoS) vulnerability (CWE-399) in the driver's reception processing. The developer reported this vulnerability information to JPCERT/CC for the purpose of disseminating it to product users, and JPCERT/CC coordinated with the developer and the United States ICS-CERT. When processing a large number of packets sent by a remote third party, the driver may enter a denial-of-service (DoS) state and the communication function of the Vnet/IP Open Communication Driver may stop. Yokogawa Vnet/IP Open Communication Driver is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service conditions.
The following products are affected:
Yokogawa CENTUM CS 3000 R3.05.00 through R3.09.5
Yokogawa CENTUM CS 3000 Entry Class R3.05.00 through R3.09.50
Yokogawa CENTUM VP R4.01.00 through R6.03.10
Yokogawa CENTUM VP Entry Class R4.01.00 through R6.03.10
Yokogawa Exaopc R3.10.00 through R3.75.00
Yokogawa PRM R2.06.00 through R3.31.00
Yokogawa ProSafe-RS R1.02.00 through R4.02.00
Yokogawa FAST/TOOLS R9.02.00 through R10.02.00
Yokogawa B/M9000 VP R6.03.01 through R8.01.90.
Yokogawa CENTUM CS 3000 and the other products listed are all products of Japan's Yokogawa company. Yokogawa CENTUM CS 3000 is a large-scale production control system. Exaopc is an OPC data access server.
| VAR-201812-0910 | CVE-2018-19248 | Input validation vulnerability in Epson WorkForce WF-2861 devices |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI. The Epson WorkForce WF-2861 device contains an input validation vulnerability. Information may be tampered with and service operation may be disrupted (DoS). Epson WorkForce WF-2861 is a Wi-Fi duplex all-in-one inkjet printer.
Epson WorkForce WF-2861 10.48 LQ22I3 (recovery mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA web services have firmware update authorization vulnerabilities.
| VAR-201812-0903 | CVE-2018-19232 | Input validation vulnerability in Epson WorkForce WF-2861 devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI. The Epson WorkForce WF-2861 device contains an input validation vulnerability. Service operation may be interrupted (DoS). The Epson WorkForce WF-2861 is a multifunction printer from Epson Japan. A security vulnerability exists in the web service in Epson WorkForce WF-2861 devices using firmware versions 10.48 LQ22I3 (Recovery mode), 10.51.LQ20I6 and 10.52.LQ17IA.
| VAR-201812-0854 | CVE-2018-7837 | XML external entity vulnerability in IIoT Monitor |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. IIoT Monitor contains an XML external entity vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Login method of the AccountMgmt servlet. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this in conjunction with other vulnerabilities to bypass authentication on the system. Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric of France. An attacker could use this vulnerability to obtain restricted information.
1. A directory-traversal vulnerability
2. An arbitrary file-upload vulnerability
3. An XML External Entity injection vulnerability
An attacker can exploit these issues to gain access to arbitrary files, upload and execute arbitrary files on the affected computer and gain access to sensitive information.
| VAR-201812-0852 | CVE-2018-7835 | IIoT Monitor Path Traversal Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to the SYSTEM user. IIoT Monitor contains a path traversal vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadCSV.jsp servlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information in the context of SYSTEM. Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric of France.
1. A directory-traversal vulnerability
2. An arbitrary file-upload vulnerability
3
| VAR-201812-0850 | CVE-2018-7832 | Pro-Face GP-Pro EX Input validation vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution of an arbitrary executable when GP-Pro EX is launched. Pro-Face GP-Pro EX contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric Pro-face GP-Pro EX is prone to an arbitrary code-execution vulnerability.
A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application.
Pro-face GP-Pro EX 4.08 and prior versions are vulnerable.
| VAR-201812-0720 | CVE-2018-20410 | WellinTech KingSCADA Buffer error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered when sending a specially crafted packet to the AlarmServer (AEserver.exe) service listening on TCP port 12401. WellinTech KingSCADA contains a buffer error vulnerability. Service operation may be interrupted (DoS). WellinTech KingSCADA is a cross-platform SCADA system software from China's WellinTech. The software has model application, remote centralized management deployment, multi-person simultaneous development, data acquisition and processing
| VAR-201812-0853 | CVE-2018-7836 | Unrestricted upload of dangerous file types in IIoT Monitor |
CVSS V2: 7.5 CVSS V3: 7.2 Severity: HIGH |
An Unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. IIoT Monitor contains a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is required to exploit this vulnerability but authentication can be easily bypassed. The specific flaw exists within the processing of the upload method of the ProtectionMgmt servlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric of France.
1. A directory-traversal vulnerability
2. An arbitrary file-upload vulnerability
3
| VAR-201812-0475 | CVE-2018-18960 | Epson WorkForce WF-2861 Input validation vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack. Epson WorkForce WF-2861 contains an input validation vulnerability. Service operation may be interrupted (DoS). Epson WorkForce WF-2861 is a Wi-Fi duplex all-in-one inkjet printer. An attacker could use this vulnerability to perform an amplification attack, which could lead to a denial of service. A security vulnerability exists in the Epson WorkForce WF-2861 using firmware versions 10.48 LQ22I3, 10.51.LQ20I6, and 10.52.LQ17IA.
| VAR-201812-0473 | CVE-2018-18959 | Epson WorkForce WF-2861 Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longer functions until a reboot. Epson WorkForce WF-2861 contains an input validation vulnerability. Service operation may be interrupted (DoS). The Epson WorkForce WF-2861 is a multifunction printer from Epson Japan. There is a security hole in the 'AirPrint Settings' web page in Epson WorkForce WF-2861 devices using firmware versions 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA. An attacker could exploit the vulnerability to cause the device to stop working.