VARIoT IoT vulnerabilities database

VAR-201804-1337 | CVE-2018-7761 | Multiple Schneider Electric products: input validation vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, and BMXNOR0200 which could allow arbitrary code execution. Multiple Schneider Electric products contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric Modicon M340 and the other affected devices are programmable logic controller products from Schneider Electric, France. The affected component is the HTTP request parser. A remote attacker can exploit this vulnerability to execute arbitrary code.
VAR-201804-1338 | CVE-2018-7762 | Multiple Schneider Electric products: buffer error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability exists in the web services that process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, and BMXNOR0200 which could result in a buffer overflow. Multiple Schneider Electric products contain a buffer error vulnerability. Service operation may be interrupted (DoS). Schneider Electric Modicon M340 and the other affected devices are programmable logic controller products from Schneider Electric, France. An attacker could exploit the vulnerability to cause a denial of service (crash).
VAR-201804-1336 | CVE-2018-7760 | Multiple Schneider Electric products: authentication vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, and BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. Multiple Schneider Electric products contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric Modicon M340 and the other affected devices are programmable logic controller products from Schneider Electric, France. Security vulnerabilities exist in several Schneider Electric products. A remote attacker could exploit the vulnerability to execute arbitrary code by sending a specially crafted request.
VAR-201804-1021 | CVE-2018-0276 | Cisco WebEx Connect IM Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi07812. The vendor has confirmed this vulnerability and published it as Bug ID CSCvi07812. Information may be obtained or altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Cisco WebEx Connect is client software developed by Cisco that provides instant messaging, IP telephony, voice, video and web conferencing. IM is its instant messaging component.
VAR-201804-1015 | CVE-2018-0237 | Cisco Advanced Malware Protection for Endpoints input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 5.8 Severity: MEDIUM |
A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies only on the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034. The vendor has confirmed this vulnerability and published it as Bug ID CSCve34034. Information may be tampered with. This may aid in further attacks.
VAR-201804-1008 | CVE-2018-0269 | Cisco Digital Network Architecture Center Vulnerable to information disclosure |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208. The vendor has confirmed this vulnerability and published it as Bug ID CSCvh99208. Information may be obtained.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. DNA Center scales and protects devices, applications, and more within the network.
VAR-201804-1005 | CVE-2018-0260 | Cisco MATE Live Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to a lack of proper input validation and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the targeted application. An exploit could allow the attacker to view sensitive information that should require authentication. Cisco Bug IDs: CSCvh31272. The vendor has confirmed this vulnerability and published it as Bug ID CSCvh31272. Information may be obtained. This may aid in further attacks. MATE Live enables navigation and in-depth network analysis of current and historical data to support critical business and technology decisions.
VAR-201804-1004 | CVE-2018-0259 | Cisco MATE Collector Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvh31222. The vendor has confirmed this vulnerability and published it as Bug ID CSCvh31222. Information may be obtained or altered, and service operation may be disrupted (DoS). Other attacks are also possible.
VAR-201804-0963 | CVE-2018-1000163 | Floodlight Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in JavaScript injection into the web page. This attack appears to be exploitable via the victim browsing the web console. Floodlight contains a cross-site scripting vulnerability. Information may be obtained or altered.
VAR-201805-1150 | CVE-2018-7522 | Schneider Electric Triconex Tricon MP model 3008 firmware buffer error vulnerability |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states. Schneider Electric Triconex Tricon MP model 3008 firmware contains buffer error vulnerabilities and authorization / privilege / access control vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). The Triconex Tricon 3008 is a network equipment product from Schneider Electric, France. Unauthorized-operation vulnerabilities exist in Schneider Electric Triconex Tricon. Schneider Electric Triconex Tricon 3008 MP is prone to multiple memory corruption vulnerabilities.
An attacker can exploit these issues to execute arbitrary code within the context of the affected device. Failed exploit attempts may result in a denial-of-service condition.
Triconex Tricon 3008 MP firmware versions 10.0 through 10.4 are vulnerable.
VAR-201805-0949 | CVE-2018-8872 | Schneider Electric Triconex Tricon MP model 3008 firmware buffer error vulnerability |
CVSS V2: 9.3 CVSS V3: 8.1 Severity: HIGH |
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory. The Triconex Tricon 3008 is a network equipment product from Schneider Electric, France. Schneider Electric Triconex Tricon 3008 MP is prone to multiple memory corruption vulnerabilities.
An attacker can exploit these issues to execute arbitrary code within the context of the affected device. Failed exploit attempts may result in a denial-of-service condition.
Triconex Tricon 3008 MP firmware versions 10.0 through 10.4 are vulnerable.
VAR-201804-1573 | CVE-2018-8840 | InduSoft Web Studio and InTouch Machine Edition 2017 buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A remote attacker could send a carefully crafted packet to InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions, during a tag, alarm, or event related action such as read and write, which may allow remote code execution. InduSoft Web Studio and InTouch Machine Edition 2017 contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric InduSoft Web Studio and InTouch Machine Edition are embedded HMI software packages from Schneider Electric, France. The product provides tag read/write and event monitoring for HMI clients. Multiple Schneider Electric products are prone to a stack-based buffer-overflow vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the affected device. Failed exploit attempts will likely cause a denial-of-service condition.
VAR-201804-0561 | CVE-2017-2871 | Foscam C1 Indoor HD Camera authentication vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork as the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image. The Foscam C1 Indoor HD Camera contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam, China. A security vulnerability exists in the recovery process used by the Foscam C1 Indoor HD Camera, caused by the program not adequately performing security checks.
### Tested Versions
Foscam Indoor IP Camera C1 Series
System Firmware Version: 1.9.3.18
Application Firmware Version: 2.52.2.43
Plug-In Version: 3.3.0.26
### Product URLs
http://www.foscam.com/downloads/index.html
### CVSSv3 Score
9.6 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
### CWE
CWE-287: Improper Authentication
### Details
Foscam produces a series of IP-capable surveillance devices, network video recorders, and baby monitors for the end-user. Foscam produces a range of cameras for both indoor and outdoor use and with wireless capability. One of these models is the C1 series which contains a web-based user interface for management and is based on..
VAR-201804-1657 | CVE-2018-7539 | Appear TV XC5000 and XC5100 device firmware path traversal vulnerability |
CVSS V2: 7.8 CVSS V3: 9.8 Severity: CRITICAL |
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088. This can lead to full compromise of the device. Appear TV XC5000 and XC5100 device firmware contains a path traversal vulnerability. Information may be obtained or altered, and a denial of service (DoS) may result. The Appear TV XC5000 and XC5100 are versatile carrier-grade broadcast devices from Appear TV, Norway. A security vulnerability exists in the Appear TV XC5000 and XC5100 using firmware version 3.26.217.
VAR-201804-1619 | CVE-2018-2811 | Oracle Java SE Install component vulnerability |
CVSS V2: 3.7 CVSS V3: 7.7 Severity: HIGH |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). The Install subcomponent of Oracle Java SE contains a vulnerability, due to incomplete handling, that affects confidentiality, integrity, and availability. A local user may obtain information, alter information, and interrupt service operation (DoS).
This issue affects the 'Install' component.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201903-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Oracle JDK/JRE: Multiple vulnerabilities
Date: March 14, 2019
Bugs: #653560, #661456, #676134
ID: 201903-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Oracle's JDK and JRE
software suites.
Background
==========
Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today's
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today's
applications require.
Affected packages
=================
-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  dev-java/oracle-jdk-bin      < 1.8.0.202              >= 1.8.0.202
  2  dev-java/oracle-jre-bin      < 1.8.0.202              >= 1.8.0.202
-------------------------------------------------------------------
     2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Oracle's JDK and JRE
software suites. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, gain access to information, or cause a
Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Oracle JDK bin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.202"
All Oracle JRE bin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.202"
References
==========
[ 1 ] CVE-2018-2790
https://nvd.nist.gov/vuln/detail/CVE-2018-2790
[ 2 ] CVE-2018-2794
https://nvd.nist.gov/vuln/detail/CVE-2018-2794
[ 3 ] CVE-2018-2795
https://nvd.nist.gov/vuln/detail/CVE-2018-2795
[ 4 ] CVE-2018-2796
https://nvd.nist.gov/vuln/detail/CVE-2018-2796
[ 5 ] CVE-2018-2797
https://nvd.nist.gov/vuln/detail/CVE-2018-2797
[ 6 ] CVE-2018-2798
https://nvd.nist.gov/vuln/detail/CVE-2018-2798
[ 7 ] CVE-2018-2799
https://nvd.nist.gov/vuln/detail/CVE-2018-2799
[ 8 ] CVE-2018-2800
https://nvd.nist.gov/vuln/detail/CVE-2018-2800
[ 9 ] CVE-2018-2811
https://nvd.nist.gov/vuln/detail/CVE-2018-2811
[ 10 ] CVE-2018-2814
https://nvd.nist.gov/vuln/detail/CVE-2018-2814
[ 11 ] CVE-2018-2815
https://nvd.nist.gov/vuln/detail/CVE-2018-2815
[ 12 ] CVE-2019-2422
https://nvd.nist.gov/vuln/detail/CVE-2019-2422
[ 13 ] CVE-2019-2426
https://nvd.nist.gov/vuln/detail/CVE-2019-2426
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201903-14
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
VAR-201805-0968 | CVE-2018-3612 | Intel NUC kit input validation vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Insufficient input validation in the system firmware of Intel NUC kits potentially allows a local attacker to elevate privileges to System Management Mode (SMM). Multiple Intel products are prone to a local privilege-escalation vulnerability.
Local attackers may exploit this issue to gain elevated privileges. Intel MKKBLY35.86A is a firmware used in Intel NUC products by Intel Corporation of the United States. An input validation error vulnerability exists in several Intel products because the firmware's input validation is inadequately implemented. The following products and versions are affected: Intel MKKBLY35.86A; MKKBLi5v.86A; GKAPLCPX.86A; DNKBLi7v.86A; DNKBLi5v.86A; DNKBLi30.86A; 86A; MYBDWi5v.86A; MYBDWi30.86A; TYBYT10H.86A; FYBYT10H.86A; CCSKLm5v.86A;
VAR-201804-0906 | CVE-2018-10070 | MikroTik resource exhaustion vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message. MikroTik contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS). MikroTik is a routing operating system based on the Linux kernel, developed by the Latvian company MikroTik. The system turns a PC into a professional router. A security vulnerability exists in MikroTik version 6.41.4.
VAR-201804-0877 | CVE-2018-10108 | D-Link DIR-815 REV. B device cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php. The D-Link DIR-815 REV. B device contains a cross-site scripting vulnerability. Information may be obtained or altered. The D-Link DIR-815 REV. B is a wireless router product from D-Link. A cross-site scripting vulnerability exists in the D-Link DIR-815 REV. B with DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 and previous firmware. A remote attacker could exploit the vulnerability to obtain authentication cookies by sending a 'Treturn' parameter to the /htdocs/webinc/js/bsc_sms_inbox.php file.
VAR-201804-0876 | CVE-2018-10107 | D-Link DIR-815 REV. B device cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php. The D-Link DIR-815 REV. B device contains a cross-site scripting vulnerability. Service operation may be interrupted (DoS). The D-Link DIR-815 REV. B is a wireless router product from D-Link. A cross-site scripting vulnerability exists in the D-Link DIR-815 REV. B with DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 and previous firmware. A remote attacker could exploit the vulnerability to obtain authentication cookies by sending a 'RESULT' parameter to the /htdocs/webinc/js/info.php file.
VAR-201804-0875 | CVE-2018-10106 | D-Link DIR-815 REV. B device information disclosure vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request. The D-Link DIR-815 REV. B device contains an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-815 REV. B is a wireless router product from D-Link. A security vulnerability exists in the /htdocs/web/getcfg.php file in the D-Link DIR-815 REV. B using DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 and previous firmware. An attacker could exploit the vulnerability to bypass permissions and obtain information.