VARIoT IoT vulnerabilities database


VAR-202412-0388 CVE-2024-49849 Siemens Engineering Platforms Deserialization Vulnerability
CVSS V2: 7.2
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 9), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions < V19 Update 4), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1). Affected products do not properly sanitize user-controllable input when parsing log files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. 
SIMATIC S7-PLCSIM simulates S7-1200, S7-1500 and some other PLC derivatives and is shipped as part of SIMATIC STEP 7. SIMATIC STEP 7 (TIA Portal) is an engineering software for configuring and programming SIMATIC controllers. SIMOCODE ES is the central software package for configuration, commissioning, operation and diagnostics of SIMOCODE-pro. SINAMICS Startdrive commissioning software is the engineering tool for integrating SINAMICS drives in TIA Portal. Totally Integrated Automation Portal (TIA Portal) is a PC software that offers the complete range of Siemens digital automation services, from digital planning and integrated engineering to transparent operation. TIA Portal Cloud makes it possible to use the main and main option packages of TIA Portal in a virtualized environment. Local projects can be transferred to the cloud and reloaded via file sharing services.
VAR-202412-0442 CVE-2020-28398 Siemens RUGGEDCOM ROX II Cross-Site Request Forgery Vulnerability
CVSS V2: 10.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to cross-site request forgery (CSRF). This could allow an attacker to read or modify the device configuration by tricking an authenticated legitimate user into accessing a malicious link. RUGGEDCOM ROX II is a ROX-based VPN endpoint and firewall device used to connect devices operating in harsh environments, such as power substations and traffic control cabinets.
VAR-202412-0460 CVE-2024-12352 Out-of-bounds write vulnerability in TOTOLINK EX1800T firmware
CVSS V2: 4.0
CVSS V3: 4.3
Severity: Medium
A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. An out-of-bounds write vulnerability exists in TOTOLINK EX1800T firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. There is a stack overflow vulnerability in the cstecgi.cgi sub_40662C of the TOTOLINK EX1800T. The vulnerability is caused by the ssid parameter of the sub_40662C function of the /cgi-bin/cstecgi.cgi file failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202412-0464 CVE-2024-12344 Out-of-bounds write vulnerability in TP-LINK Technologies VN020 F3v firmware
CVSS V2: 6.5
CVSS V3: 6.3
Severity: Medium
A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. An out-of-bounds write vulnerability exists in TP-LINK Technologies VN020 F3v firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. TP-LINK VN020 is a wireless modem from TP-LINK of China. Unauthenticated attackers can exploit this vulnerability to execute arbitrary code.
VAR-202412-0376 CVE-2024-12343 Buffer error vulnerability in TP-LINK Technologies VN020 F3v firmware
CVSS V2: 6.1
CVSS V3: 6.5
Severity: High
A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. TP-LINK Technologies VN020 F3v firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. TP-LINK VN020 is a wireless modem from TP-LINK of China.
VAR-202412-1837 CVE-2024-54747 Improper default permissions vulnerability in WAVLINK WN531P3 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. WAVLINK WN531P3 firmware contains a vulnerability related to improper default permissions. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. WAVLINK WN531P3 is a router developed by WAVLINK, a Chinese company.
VAR-202412-0853 CVE-2024-54745 Improper default permissions vulnerability in WAVLINK WL-WN701AE firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. WAVLINK WL-WN701AE firmware contains a vulnerability related to improper default permissions. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. WAVLINK WN701AE is a router developed by WAVLINK, a Chinese company.
VAR-202412-2040 CVE-2024-51551 Use of hardcoded credentials vulnerability in multiple ABB products
CVSS V2: 10.0
CVSS V3: 10.0
Severity: Critical
Default credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02. Multiple ABB products, including aspect-ent-2 firmware, aspect-ent-256 firmware and aspect-ent-96 firmware, contain a vulnerability related to the use of hardcoded credentials. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. ABB ASPECT is a scalable building energy management and control solution from Swiss company ABB. Attackers can exploit this vulnerability to access the system.
VAR-202412-2234 CVE-2024-48845 Weak password requirements vulnerability in multiple ABB products
CVSS V2: 9.7
CVSS V3: 9.4
Severity: Critical
Weak password reset rules vulnerabilities were found, providing a potential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02. Multiple ABB products, including aspect-ent-2 firmware, aspect-ent-256 firmware and aspect-ent-96 firmware, contain a weak password requirements vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. ABB ASPECT is a scalable building energy management and control solution from Swiss company ABB. An attacker can exploit this vulnerability to gain unauthorized administrator/application access.
VAR-202412-1002 CVE-2018-9407 Vulnerability in Google Android
CVSS V2: 4.6
CVSS V3: 5.5
Severity: MEDIUM
In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data. An unspecified vulnerability exists in Google Android. Information may be obtained. Google Pixel is a smartphone from Google Inc. There is a security vulnerability in Google Pixel. The vulnerability is caused by the lack of boundary check in emmc_rpmb_ioctl in emmc_rpmb.c, which may cause information leakage. No detailed vulnerability details are provided at present.
VAR-202412-1345 CVE-2018-9403 Out-of-bounds write vulnerability in Google Android
CVSS V2: 6.5
CVSS V3: 6.7
Severity: MEDIUM
In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_interface.c, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege in a privileged process with System execution privileges needed. User interaction is not needed for exploitation. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. Google Pixel is a smartphone produced by Google Inc. The vulnerability is caused by the lack of boundary check in the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler in flp2hal_interface.c.
VAR-202412-0832 CVE-2018-9402 Out-of-bounds write vulnerability in Google Android
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This could lead to escalation of privileges in the kernel. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. Google Pixel is a smartphone produced by Google in the United States. Attackers can exploit this vulnerability to cause privilege escalation.
VAR-202412-1816 CVE-2018-9399 Out-of-bounds write vulnerability in Google Android
CVSS V2: 6.8
CVSS V3: 6.7
Severity: MEDIUM
In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. Google Pixel is a smartphone produced by Google Inc. There is a security vulnerability in Google Pixel, which is caused by multiple possible out-of-bounds writes in the /proc/driver/wmt_dbg driver. No detailed vulnerability details are provided at this time.
VAR-202412-1175 CVE-2018-9397 Out-of-bounds write vulnerability in Google Android
CVSS V2: 6.8
CVSS V3: 6.7
Severity: MEDIUM
In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. Google Pixel is a smartphone produced by Google in the United States. There is an out-of-bounds write vulnerability in Google Pixel.
VAR-202412-1003 No CVE The AiKuai flow control router of Quanxun Huiju Network Technology (Beijing) Co., Ltd. has an information leakage vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
AiKuai flow control router is a router product of Quanxun Huiju Network Technology (Beijing) Co., Ltd. AiKuai flow control router of Quanxun Huiju Network Technology (Beijing) Co., Ltd. has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202412-0654 No CVE There is a SQL injection vulnerability in the Aikuai flow control router of Quanxun Huiju Network Technology (Beijing) Co., Ltd.
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
AiKuai flow control router is a router product of Quanxun Huiju Network Technology (Beijing) Co., Ltd. AiKuai flow control router of Quanxun Huiju Network Technology (Beijing) Co., Ltd. has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database.
VAR-202412-0018 CVE-2024-12147 Netgear R6900 Buffer Overflow Vulnerability
CVSS V2: 6.8
CVSS V3: 6.5
Severity: High
A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. The vulnerability is caused by the parameter Content-Length of the file upgrade_check.cgi failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202412-0238 CVE-2024-52275 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50. An out-of-bounds write vulnerability exists in Tenda AC6 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. The vulnerability is due to insufficient length or boundary checking of input data, overwriting adjacent memory areas. Attackers can exploit this vulnerability to execute malicious code and gain control of the router, thereby threatening devices and network data connected to the router.
VAR-202412-0271 CVE-2024-52274 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware
CVSS V2: 7.8
CVSS V3: 9.8
Severity: CRITICAL
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. The vulnerability stems from improper input processing in the guest_ip_check function of the setDoubleL2tpConfig module. No detailed vulnerability details are currently available.
VAR-202412-0112 CVE-2024-52273 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware
CVSS V2: 7.8
CVSS V3: 9.8
Severity: CRITICAL
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. The vulnerability is caused by the guest_ip_check function in the setDoublePppoeConfig module not properly validating the input. No detailed vulnerability details are currently provided.