VARIoT IoT vulnerabilities database
| VAR-201810-1418 | CVE-2018-6695 | McAfee Threat Intelligence Exchange Server Cryptographic vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
An SSH host key generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers by acquiring keys from another environment. Information may be tampered with.
An attacker can exploit this issue to perform man-in-the-middle attacks to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.
| VAR-201810-0572 | CVE-2018-15382 | Cisco HyperFlex Vulnerability related to external control of important state data in software |
CVSS V2: 7.5 CVSS V3: 8.6 Severity: HIGH |
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized. The Cisco HyperFlex software contains a vulnerability related to external control of critical state data. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco HyperFlex is prone to an authorization-bypass vulnerability.
Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may help in further attacks.
This issue is being tracked by Cisco Bug IDs CSCvk22858 and CSCvj95632. Cisco HyperFlex Software is a scalable distributed file system from Cisco. The system provides unified computing, storage and network through cloud management, and provides enterprise-level data management and optimization services.
| VAR-201810-0575 | CVE-2018-15387 | Cisco SD-WAN Solution Input validation vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image. Cisco SD-WAN Solution contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco vEdge 100 Series Routers and so on are different series of router products from Cisco. SD-WAN Solution is a set of network expansion solutions running on them. A security vulnerability exists in versions prior to Cisco SD-WAN Solution 17.2.8 and prior to 18.3.1 that caused the program to fail to validate the certificate correctly. Cisco SD-WAN is prone to a security-bypass vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCvk65292
| VAR-201810-0686 | CVE-2018-17969 | Samsung SCX-6545X Vulnerabilities related to certificate and password management in devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allow remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests. The Samsung SCX-6545X device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). The Samsung SCX-6545X is a versatile printing device. Samsung SCX-6545X is a printer made by Samsung in South Korea. A security vulnerability exists in Samsung SCX-6545X version 2.00.03.01 03-23-2012.
| VAR-201810-0633 | CVE-2018-15416 | Cisco Webex Network Recording Player and Webex Player Input validation vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. Cisco Webex Network Recording Player and Webex Player contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer.
These issues are being tracked by Cisco Bug IDs CSCvj83752, CSCvj83767, CSCvj83771, CSCvj83793, CSCvj83797, CSCvj83803, CSCvj83818, CSCvj83824, CSCvj83831, CSCvj87929, CSCvj87934, CSCvj93870, CSCvj93877, CSCvk31089, CSCvk33049, CSCvk52510, CSCvk52518, CSCvk52521, CSCvk59945, CSCvk59949, CSCvk59950, CSCvk60158, CSCvk60163, CSCvm51315, CSCvm51318, CSCvm51361, CSCvm51371, CSCvm51373, CSCvm51374, CSCvm51382, CSCvm51386, CSCvm51391, CSCvm51393, CSCvm51396, CSCvm51398, CSCvm51412, CSCvm51413, CSCvm54531, and CSCvm54538
| VAR-201810-0632 | CVE-2018-15415 | Cisco Webex Network Recording Player and Webex Player Input validation vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. Cisco Webex Network Recording Player and Webex Player contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). When parsing an ARF file, the process does not properly validate a vtable entry before executing it, resulting in stack corruption.
These issues are being tracked by Cisco Bug IDs CSCvj83752, CSCvj83767, CSCvj83771, CSCvj83793, CSCvj83797, CSCvj83803, CSCvj83818, CSCvj83824, CSCvj83831, CSCvj87929, CSCvj87934, CSCvj93870, CSCvj93877, CSCvk31089, CSCvk33049, CSCvk52510, CSCvk52518, CSCvk52521, CSCvk59945, CSCvk59949, CSCvk59950, CSCvk60158, CSCvk60163, CSCvm51315, CSCvm51318, CSCvm51361, CSCvm51371, CSCvm51373, CSCvm51374, CSCvm51382, CSCvm51386, CSCvm51391, CSCvm51393, CSCvm51396, CSCvm51398, CSCvm51412, CSCvm51413, CSCvm54531, and CSCvm54538
| VAR-201810-0623 | CVE-2018-15407 | Cisco HyperFlex Information disclosure vulnerability in software |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. The Cisco HyperFlex software contains an information disclosure vulnerability. Information may be obtained.
This issue is being tracked by Cisco bug ID CSCvk59406. Cisco HyperFlex Software is a scalable distributed file system from Cisco. The system provides unified computing, storage and network through cloud management, and provides enterprise-level data management and optimization services.
| VAR-201810-0606 | CVE-2018-15436 | Cross-site scripting vulnerability in multiple Cisco Webex products |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Multiple Cisco Webex products contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Cisco Webex Centers are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCvm14554. Cisco Webex Events Center and others are video conferencing solutions from Cisco.
| VAR-201810-0599 | CVE-2018-15429 | Cisco HyperFlex HX Data Platform Information disclosure vulnerability in software |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data. This may lead to further attacks.
This issue is being tracked by Cisco bug ID CSCvi48372. The system provides unified computing, storage and network through cloud management, and provides enterprise-level data management and optimization services
| VAR-201810-0593 | CVE-2018-15423 | Cisco HyperFlex Software input validation vulnerability |
CVSS V2: 4.3 CVSS V3: 4.7 Severity: MEDIUM |
A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link. The Cisco HyperFlex software contains an input validation vulnerability. Information may be tampered with.
Successful exploits will allow an authenticated attacker to compromise the affected application or obtain sensitive information. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCvj95644. Cisco HyperFlex Software is a scalable distributed file system from Cisco. The system provides unified computing, storage and network through cloud management, and provides enterprise-level data management and optimization services.
| VAR-201810-0578 | CVE-2018-15391 | Cisco Remote PHY Software Resource management vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in certain IPv4 fragment-processing functions of Cisco Remote PHY Software could allow an unauthenticated, remote attacker to impact traffic passing through a device, potentially causing a denial of service (DoS) condition. The vulnerability is due to the affected software not validating and calculating certain numerical values in IPv4 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending malformed IPv4 traffic to an affected device. A successful exploit could allow the attacker to disrupt the flow of certain IPv4 traffic passing through an affected device, which could result in a DoS condition. Cisco Remote PHY Software contains a resource management vulnerability. Service operation may be disrupted (DoS).
An attacker can exploit this issue to cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCvg58415. This solution uses Ethernet PON (EPON) and metropolitan area network as the transmission network.
| VAR-201810-0574 | CVE-2018-15386 | Cisco Digital Network Architecture Center Vulnerabilities in environment settings |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.
An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks.
This issue is being tracked by Cisco bug IDs CSCvj05082 and CSCvj05086. The solution scales and protects devices, applications, and more within the network
| VAR-201810-0323 | CVE-2018-0448 | Cisco Digital Network Architecture Center Vulnerabilities related to cryptographic strength |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users. Cisco Digital Network Architecture Center is prone to an authentication-bypass vulnerability. This may lead to further attacks.
This issue is being tracked by Cisco bug CSCvi47699. The solution scales and protects devices, applications, and more within the network
| VAR-201810-0394 | CVE-2018-14810 | (0Day) WECON PIStudio HSC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass unvalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator. PI Studio HMI and PI Studio contain an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of hsc files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of an administrator. Wecon PIStudio is an HMI software. Wecon PI Studio HMI and PI Studio are human interface programming software from Wecon Technologies. A buffer overflow vulnerability exists in Wecon PI Studio HMI 4.1.9 and earlier and PI Studio 4.2.34 and earlier. WECON PIStudio is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause denial-of-service conditions.
| VAR-201810-0434 | CVE-2018-17889 | WECON Technology Co., Ltd. PI Studio HMI and PI Studio XML external entity vulnerability |
CVSS V2: 4.3 CVSS V3: 5.3 Severity: MEDIUM |
In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior, when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to an XML external entity injection attack, which may allow sensitive information disclosure. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of project files. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information under the context of Administrator. Failed exploit attempts will likely cause denial-of-service conditions.
| VAR-201810-0397 | CVE-2018-14818 | WECON Technology Co., Ltd. PI Studio HMI and PI Studio Buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of hsc files. When parsing the TextContent element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of an administrator. Wecon PI Studio HMI and PI Studio are human interface programming software from Wecon Technologies. Failed exploit attempts will likely cause denial-of-service conditions.
| VAR-201903-1000 | CVE-2018-14814 | WECON Technology PI Studio HMI and PI Studio Vulnerable to out-of-bounds reading |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lack proper validation of user-supplied data, which may result in a read past the end of an allocated object. WECON Technology PI Studio HMI and PI Studio contain an out-of-bounds vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of images within DAT files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of an administrator. The vulnerability stems from the program's failure to properly validate user-submitted data. No detailed vulnerability details are provided at this time. Failed exploit attempts will likely cause denial-of-service conditions.
| VAR-201810-0388 | CVE-2018-14800 | Delta Electronics ISPSoft Buffer Overflow Vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. Delta Electronics ISPSoft contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of fields in DVP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics ISPSoft is a new generation of Delta PLC programming software from Delta Electronics. A failed attack can result in a denial of service. Failed exploit attempts will likely cause a denial-of-service condition.
| VAR-201810-0399 | CVE-2018-14822 | Entes EMG12 Vulnerable to information disclosure |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In Entes EMG12 versions 2.57 and prior, an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code. Entes EMG12 contains an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Entes EMG12 is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability.
Attackers may exploit these issues to gain unauthorized access to the affected device or to obtain sensitive information that may aid in launching further attacks. Entes EMG12 is a modem.
| VAR-201810-0400 | CVE-2018-14826 | Entes EMG12 Input validation vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In Entes EMG12 versions 2.57 and prior, the application uses a web interface where it is possible for an attacker to bypass authentication with a specially crafted URL. This could allow for remote code execution. Entes EMG12 contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Entes EMG12 is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability.
Attackers may exploit these issues to gain unauthorized access to the affected device or to obtain sensitive information that may aid in launching further attacks. Entes EMG12 is a modem. A security vulnerability exists in the web interface in Entes EMG12 2.57 and earlier.